Difference between revisions of "Firewall Clarkconnect5 Netcafe dualwan"

Latest revision as of 15:22, 7 August 2009

Firewall Rule แยก เน็ท เกมส์ สำหรับ CC 5.0 Enterprise by [email protected]

นำไปวางใน /etc/firewall

<source lang=bash>

3. Use the web-based administration tool to change the firewall configuration.

1. Firewall mode
2. --------------
3. Possible configurations:
4. gateway trustedgateway standalone trustedstandalone dmz

MODE="gateway"

1. Interface roles
2. ----------------

EXTIF="ppp0 ppp1" LANIF="eth1" DMZIF="" WIFIF="" HOTIF="" DNSIF="ppp1"

1. Bandwidth management (QoS)
2. ---------------------------

BANDWIDTH_QOS="off" BANDWIDTH_UPSTREAM="" BANDWIDTH_DOWNSTREAM=""

1. Multipath
2. ----------

MULTIPATH="on" MULTIPATH_WEIGHTS="ppp1|1 ppp0|1"

1. Squid configuration
2. --------------------

SQUID_TRANSPARENT="off" SQUID_FILTER_PORT=""

1. VPN configuration
2. ------------------

IPSEC_SERVER="off" PPTP_SERVER="off"

1. 1. One-to-one NAT mode
2. ---------------------

ONE_TO_ONE_NAT_MODE="type2"

1. VPN LAN override
2. -----------------

LANNET=""

1. Protocol filtering (l7-filter)
2. When set to 'on', all forwarded traffic will pass through the l7-filter
3. daemon. l7-filter must be running or the firewall will ignore this setting.
4. ----------------------------------------------------------------------------

PROTOCOL_FILTERING="off"

1. Webconfig rules
2. ----------------
3. WARNING:
4. The firewall script will not perform further validation on the rules below.
5. Use the web-based administration tool to change the firewall configuration.
7. Name|Group|Flags|Protocol|Address|Port|Parameter
9. -Name and Group are symbolic names which only have meaning within the
10. web-based administration tool (webconfig).
11. -Flags are OR combined to produce a 4-byte bitmask. This needs to be
12. explained in full detail somewhere. Reading the source to IsValidFlags()
13. within the firewallrule.class file is the best documentation about this
14. at the moment.
15. -Protocol is an integer ID listed in /etc/protocols.
16. -Address is an IPv4, IPv6, or MAC/HW address depending on the rule's flags.
17. -Port is a TCP/UDP service address depending on the rule's flags and
18. protocol.
19. -Parameter can contain additional rule criteria depending on the rule's
20. flags and/or protocol.
22. NOTE: If editing these by hand, do not add spaces between fields.

RULES="\ Audition_Mark||0x10000400|6||18200:18210|ppp0 \ Cabal_Mark||0x10000400|6||38100|ppp0 \ DOTA-U1||0x10000001|17||6000:6500| \ DOTA1||0x10000001|6||6000:6500| \ DOTA_PC1||0x10000008|6|192.168.1.101|6101|6101 \ DOTA_PC10||0x10000008|6|192.168.1.110|6110|6110 \ DOTA_PC11||0x10000008|6|192.168.1.111|6111|6111 \ DOTA_PC12||0x10000008|6|192.168.1.112|6112|6112 \ DOTA_PC13||0x10000008|6|192.168.1.113|6113|6113 \ DOTA_PC14||0x10000008|6|192.168.1.114|6114|6114 \ DOTA_PC15||0x10000008|6|192.168.1.115|6115|6115 \ DOTA_PC16||0x10000008|6|192.168.1.116|6116|6116 \ DOTA_PC17||0x10000008|6|192.168.1.117|6117|6117 \ DOTA_PC18||0x10000008|6|192.168.1.118|6118|6118 \ DOTA_PC19||0x10000008|6|192.168.1.119|6119|6119 \ DOTA_PC2||0x10000008|6|192.168.1.102|6102|6102 \ DOTA_PC20||0x10000008|6|192.168.1.120|6120|6120 \ DOTA_PC21||0x10000008|6|192.168.1.121|6121|6121 \ DOTA_PC22||0x10000008|6|192.168.1.122|6122|6122 \ DOTA_PC23||0x10000008|6|192.168.1.123|6123|6123 \ DOTA_PC24||0x10000008|6|192.168.1.124|6124|6124 \ DOTA_PC25||0x10000008|6|192.168.1.125|6125|6125 \ DOTA_PC3||0x10000008|6|192.168.1.103|6103|6103 \ DOTA_PC4||0x10000008|6|192.168.1.104|6104|6104 \ DOTA_PC5||0x10000008|6|192.168.1.105|6105|6105 \ DOTA_PC6||0x10000008|6|192.168.1.106|6106|6106 \ DOTA_PC7||0x10000008|6|192.168.1.107|6107|6107 \ DOTA_PC8||0x10000008|6|192.168.1.108|6108|6108 \ DOTA_PC9||0x10000008|6|192.168.1.109|6109|6109 \ Dekaron_Mark||0x10000400|6||50000:50010|ppp0 \ DotA-Mark||0x10000400|6||6101:6200|ppp0 \ Driftstreet_Mark||0x10000400|6||11000:11100|ppp0 \ FTP_Mark||0x10000400|6||21|ppp1 \ Fifa2_Mark||0x10000400|6||2180:2200|ppp0 \ Freestyle_Mark||0x10000400|6||33331|ppp0 \ Ge_Mark||0x10000400|6||7000:7003|ppp0 \ Ghost_Mark||0x10000400|6||13001:14000|ppp0 \ Gunbound_Mark||0x10000400|6||8350:8365|ppp0 \ Hipstreet2_Mark||0x10000400|6||4000|ppp0 \ Hipstreet_Mark||0x10000400|6||790:800|ppp0 \ Http||0x10000400|6||80|ppp1 \ Https||0x10000400|6||443|ppp1 \ IP_Bonus||0x10000400|6||45800:45809|ppp0 \ Luna||0x10000400|6||14800:15800|ppp0 \ MSN||0x10000400|6||1863|ppp1 \ MSNUDP||0x10000400|17||1863|ppp1 \ PB_TCP||0x10000400|6||39190|ppp0 \ PB_UDP||0x10000400|17||39190|ppp0 \ PC1||0x10800000|0|192.168.1.250|| \ PC2||0x10800000|0|192.168.1.251|| \ PC2Wlan||0x10800000|0|192.168.1.222|| \ Pangya2_Mark||0x10000400|6||44999|ppp0 \ Pangya_Mark||0x10000400|6||20200:20205|ppp0 \ Playplus||0x10000400|6||2106|ppp0 \ Point_Blank_Mark||0x10000400|6||39190:40010|ppp0 \ Point_Blank_UDP_Mark||0x10000400|17||39190:40010|ppp0 \ Ragnarok1||0x10000400|6||6900|ppp0 \ Ragnarok2||0x10000400|6||5000|ppp0 \ Raycity_Mark||0x10000400|6||2100:2200|ppp0 \ SSH||0x10000001|6||22| \ Specialforce_Mark||0x10000400|6||27900:28000|ppp0 \ Specialforce_UDP_Mark||0x10000400|17||20000:21000|ppp0 \ Squid||0x10000400|6||3128|ppp1 \ Squid2_Mark||0x10000400|17||3128|ppp1 \ Sudden_Attack_Mark||0x10000400|6||12001:13000|ppp0 \ Sudden_Attack_Udp_Mark||0x10000400|17||27000:27100|ppp0 \ Webconfig||0x10000001|6||81| \ Xshot2_Mark||0x10000400|17||30000|ppp0 \ Xshot_Mark||0x10000400|6||7000:7440|ppp0 \ webservice||0x10000001|6||1875| \ "

1. vim: ts=4 syntax=sh

</source>