1

Тема: Не работает transparent proxy

Хочу настроить transparent proxy уже 2 день и не как не заработает, подскажите пожалуйста, что не так?
У меня FreeBSD 8.4, Squid 3.4 и PF.
Вот конфиги:

+ открыть спойлер

rc.conf

#FONT
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"

#HOST
hostname="c1.any.com"
ifconfig_em0="inet 192.168.10.100 netmask 255.255.255.0"
ifconfig_em1="inet 10.10.10.10 netmask 255.255.255.0"
defaultrouter="192.168.10.1"

#KEYBORD
keymap="ru.koi8-r"
keyrate="fast"
scrnmap="koi8-r2cp866"

#NTP
ntpd_enable="YES"
#ntpdate_hosts="europe.pool.ntp.org"

#SSH
sshd_enable="YES"

#DNS
named_enable="YES"
named_program="/usr/sbin/named"
named_flags="-c /etc/namedb/named.conf"
named_pidfile="/var/run/named/pid"
named_uid="bind"
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"

#DHCP
dhcpd_enable="yes"
dhcpd_iface="em1"

#INET
inetd_enable="yes"

#SENDMAIL
sendmail_enable="yes"

#SQUID
squid_enable="yes"

#PF
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
+ открыть спойлер

pf.conf

ext_if = "em0" # macro for external interface - use tun0 for PPPoE
int_if = "em1" # macro for internal interface

nat on $ext_if from $int_if:network to any -> ($ext_if)

tcp_services = "{ ssh, smtp, domain, 953, http, https, 110, 821, 1723, 3128, 3129, nfsd, rpcbind }"
ftp_ports = "{ ftp, ftp-data }"
udp_services = "{ domain, ntp, rpcbind, 821, 1723, nfsd, 3130 }"

#block in all

pass quick inet proto gre to any keep state

pass quick inet proto { tcp, udp } from any to any port $ftp_ports keep state
pass quick inet proto { tcp, udp } from any to any port > 18000 keep state

pass quick inet proto udp to any port $udp_services keep state
pass quick inet proto tcp to any port $tcp_services keep state
pass quick inet proto { tcp, udp, icmp } from $int_if:network to any keep state

pass quick inet proto icmp from any to any

pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state

pass quick inet proto { tcp, udp } from any to port { nfsd, rpcbind } keep state

pass quick inet proto { tcp, udp } from any to port 883 keep state

pass quick inet proto { tcp, udp } from any to port 884 keep state

pass quick inet proto { tcp, udp } from any to port 885 keep state

block in log all

rdr proto tcp from 10.10.10.0/24 to any port 80 -> 127.0.0.1 port 3129
+ открыть спойлер

squid.conf

auth_param basic program /usr/local/libexec/squid/basic_ncsa_auth /usr/local/etc
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl passwd proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl myhost src 192.168.10.100 10.10.10.10
acl mynet src 192.168.10.0/24 10.10.10.0/24
acl vk dstdomain .vk.com
acl wt time 10:00-23:00
acl ya dstdomain .ya.ru .yandex.ru
acl media urlpath_regex -i \.mpg$ \.avi$ \.mp3$

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost

# Mysettings
http_access allow myhost
http_access deny vk
http_access allow ya passwd
http_access deny ya
http_access allow mynet wt

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/squid/cache 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache

delay_pools 1
delay_class 1 1
delay_parameters 1 400/400
delay_access 1 allow media
delay_access 1 deny all

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
+ открыть спойлер

sysctl.conf

# $FreeBSD: release/8.4.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

При том если отключить прозрачное прокси и в браузере выставить настройки прокси все отлично работает. Squid ставил с портов при конфигурации выбрал Transparent proxy with PF.
Заранее спасибо!

2

Re: Не работает transparent proxy

В директиве http_port опция transparent задолго до 3.4 переименована в intercept, см. http://www.squid-cache.org/Doc/config/http_port/

squid -k parse
поможет проверить синтаксис файла конфигурации.

3

Re: Не работает transparent proxy

bormant пишет

В директиве http_port опция transparent задолго до 3.4 переименована в intercept, см. http://www.squid-cache.org/Doc/config/http_port/

squid -k parse
поможет проверить синтаксис файла конфигурации.

Не заработало.
Проверил через squid -k parse вроде нету ошибок

+ открыть спойлер
2014/12/08 22:10:56| Startup: Initializing Authentication Schemes ...
2014/12/08 22:10:56| Startup: Initialized Authentication Scheme 'basic'
2014/12/08 22:10:56| Startup: Initialized Authentication Scheme 'digest'
2014/12/08 22:10:56| Startup: Initialized Authentication Scheme 'negotiate'
2014/12/08 22:10:56| Startup: Initialized Authentication Scheme 'ntlm'
2014/12/08 22:10:56| Startup: Initialized Authentication.
2014/12/08 22:10:56| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2014/12/08 22:10:56| Processing: auth_param basic program /usr/local/libexec/squid/basic_ncsa_auth /usr/local/etc/squid/passwd
2014/12/08 22:10:56| Processing: auth_param basic children 5
2014/12/08 22:10:56| Processing: auth_param basic realm Squid proxy-caching webserver
2014/12/08 22:10:56| Processing: auth_param basic credentialsttl 2 hours
2014/12/08 22:10:56| Processing: acl passwd proxy_auth REQUIRED
2014/12/08 22:10:56| Processing: acl SSL_ports port 443
2014/12/08 22:10:56| Processing: acl Safe_ports port 80         # http
2014/12/08 22:10:56| Processing: acl Safe_ports port 21         # ftp
2014/12/08 22:10:56| Processing: acl Safe_ports port 443                # https
2014/12/08 22:10:56| Processing: acl Safe_ports port 70         # gopher
2014/12/08 22:10:56| Processing: acl Safe_ports port 210                # wais
2014/12/08 22:10:56| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2014/12/08 22:10:56| Processing: acl Safe_ports port 280                # http-mgmt
2014/12/08 22:10:56| Processing: acl Safe_ports port 488                # gss-http
2014/12/08 22:10:56| Processing: acl Safe_ports port 591                # filemaker
2014/12/08 22:10:56| Processing: acl Safe_ports port 777                # multiling http
2014/12/08 22:10:56| Processing: acl CONNECT method CONNECT
2014/12/08 22:10:56| Processing: acl myhost src 192.168.10.100 10.10.10.10
2014/12/08 22:10:56| Processing: acl mynet src 192.168.10.0/24 10.10.10.0/24
2014/12/08 22:10:56| Processing: acl rambler dstdomain .rambler.ru
2014/12/08 22:10:56| Processing: acl wt time 10:00-23:00
2014/12/08 22:10:56| Processing: acl ya dstdomain .ya.ru .yandex.ru
2014/12/08 22:10:56| Processing: acl media urlpath_regex -i \.mpg$ \.avi$ \.mp3$
2014/12/08 22:10:56| Processing: http_access deny !Safe_ports
2014/12/08 22:10:56| Processing: http_access deny CONNECT !SSL_ports
2014/12/08 22:10:56| Processing: http_access allow localhost manager
2014/12/08 22:10:56| Processing: http_access deny manager
2014/12/08 22:10:56| Processing: http_access allow localhost
2014/12/08 22:10:56| Processing: http_access allow myhost
2014/12/08 22:10:56| Processing: http_access deny rambler
2014/12/08 22:10:56| Processing: http_access allow ya passwd
2014/12/08 22:10:56| Processing: http_access deny ya
2014/12/08 22:10:56| Processing: http_access allow mynet wt
2014/12/08 22:10:56| Processing: http_access deny all
2014/12/08 22:10:56| Processing: http_port 127.0.0.1:3128
2014/12/08 22:10:56| Processing: http_port 127.0.0.1:3129 intercept
2014/12/08 22:10:56| Starting Authentication on port 127.0.0.1:3129
2014/12/08 22:10:56| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2014/12/08 22:10:56| Processing: cache_dir ufs /var/squid/cache 100 16 256
2014/12/08 22:10:56| Processing: coredump_dir /var/squid/cache
2014/12/08 22:10:56| Processing: delay_pools 1
2014/12/08 22:10:56| Processing: delay_class 1 1
2014/12/08 22:10:56| Processing: delay_parameters 1 400/400
2014/12/08 22:10:56| Processing: delay_access 1 allow media
2014/12/08 22:10:56| Processing: delay_access 1 deny all
2014/12/08 22:10:56| Processing: refresh_pattern ^ftp:          1440    20%    10080
2014/12/08 22:10:56| Processing: refresh_pattern ^gopher:       1440    0%     1440
2014/12/08 22:10:56| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%     0
2014/12/08 22:10:56| Processing: refresh_pattern .              0       20%    4320

В чем еще может быть проблема?

4

Re: Не работает transparent proxy

imix1
В настроках SQUID укажите один параметр

http_port 3129 intercept

http_port 3128 закомментируйте

5

Re: Не работает transparent proxy

Bif пишет

imix1
В настроках SQUID укажите один параметр

http_port 3129 intercept

http_port 3128 закомментируйте

Не помогло.
Причем на той машине через которую не получается зайти на сайты, они прекрасно пингуются.

6

Re: Не работает transparent proxy

Добавьте в rc.conf
gateway_enable="YES"

Попробуйте изменить pf.conf

ext_if = "em0" # macro for external interface - use tun0 for PPPoE
int_if = "em1" # macro for internal interface

tcp_services = "{ ssh, smtp, domain, 953, http, https, 110, 821, 1723, 3128, 3129, nfsd, rpcbind }"
ftp_ports = "{ ftp, ftp-data }"
udp_services = "{ domain, ntp, rpcbind, 821, 1723, nfsd, 3130 }"

## variables
set skip on lo

## translations
rdr on $int_if proto tcp from 10.10.10.0/24 to any port 80 -> 127.0.0.1 port 3129
nat on $ext_if from $int_if:network to any -> ($ext_if)

## filter rules

#block in all

pass quick inet proto gre to any keep state

pass quick inet proto { tcp, udp } from any to any port $ftp_ports keep state
pass quick inet proto { tcp, udp } from any to any port > 18000 keep state

pass quick inet proto udp to any port $udp_services keep state
pass quick inet proto tcp to any port $tcp_services keep state
pass quick inet proto { tcp, udp, icmp } from $int_if:network to any keep state
pass quick inet proto icmp from any to any
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state
pass quick inet proto { tcp, udp } from any to port { nfsd, rpcbind } keep state
pass quick inet proto { tcp, udp } from any to port 883 keep state
pass quick inet proto { tcp, udp } from any to port 884 keep state
pass quick inet proto { tcp, udp } from any to port 885 keep state

block in log all

7

Re: Не работает transparent proxy

к сожалению не помогло

8

Re: Не работает transparent proxy

На всякий случай покажите

ipfw show
pfctl -sn
pfctl -ss | grep 127.0.0.1
pfctl -sr
tcpdump -i lo0 -n

показывает пакеты?

9 (11.12.2014 20:52:51 отредактировано imix1)

Re: Не работает transparent proxy

pitdron пишет

На всякий случай покажите

ipfw show
pfctl -sn
pfctl -ss | grep 127.0.0.1
pfctl -sr
tcpdump -i lo0 -n

показывает пакеты?

вот что показывает

+ открыть спойлер
root@c1:~/data # ipfw show
ipfw: getsockopt(IP_FW_GET): Protocol not available

root@c1:~/data # pfctl -sn
No ALTQ support in kernel
ALTQ related functions disabled
nat on em0 inet from 10.10.10.0/24 to any -> (em0) round-robin
rdr on em1 inet proto tcp from 10.10.10.0/24 to any port = http -> 127.0.0.1 port 3129

root@c1:~/data # pfctl -ss | grep 127.0.0.1
No ALTQ support in kernel
ALTQ related functions disabled

root@c1:~/data # pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
pass quick inet proto gre all keep state
pass quick inet proto tcp from any to any port = ftp flags S/SA keep state
pass quick inet proto tcp from any to any port = ftp-data flags S/SA keep state
pass quick inet proto udp from any to any port = ftp keep state
pass quick inet proto udp from any to any port = ftp-data keep state
pass quick inet proto tcp from any to any port > 18000 flags S/SA keep state
pass quick inet proto udp from any to any port > 18000 keep state
pass quick inet proto udp from any to any port = domain keep state
pass quick inet proto udp from any to any port = ntp keep state
pass quick inet proto udp from any to any port = sunrpc keep state
pass quick inet proto udp from any to any port = 821 keep state
pass quick inet proto udp from any to any port = 1723 keep state
pass quick inet proto udp from any to any port = nfsd keep state
pass quick inet proto udp from any to any port = 3130 keep state
pass quick inet proto tcp from any to any port = ssh flags S/SA keep state
pass quick inet proto tcp from any to any port = smtp flags S/SA keep state
pass quick inet proto tcp from any to any port = domain flags S/SA keep state
pass quick inet proto tcp from any to any port = rndc flags S/SA keep state
pass quick inet proto tcp from any to any port = http flags S/SA keep state
pass quick inet proto tcp from any to any port = https flags S/SA keep state
pass quick inet proto tcp from any to any port = pop3 flags S/SA keep state
pass quick inet proto tcp from any to any port = 821 flags S/SA keep state
pass quick inet proto tcp from any to any port = pptp flags S/SA keep state
pass quick inet proto tcp from any to any port = 3128 flags S/SA keep state
pass quick inet proto tcp from any to any port = 3129 flags S/SA keep state
pass quick inet proto tcp from any to any port = nfsd flags S/SA keep state
pass quick inet proto tcp from any to any port = sunrpc flags S/SA keep state
pass quick inet proto tcp from 10.10.10.0/24 to any flags S/SA keep state
pass quick inet proto udp from 10.10.10.0/24 to any keep state
pass quick inet proto icmp from 10.10.10.0/24 to any keep state
pass quick inet proto icmp all keep state
pass out on em0 inet proto udp from any to any port 33433 >< 33626 keep state
pass quick inet proto tcp from any to any port = nfsd flags S/SA keep state
pass quick inet proto tcp from any to any port = sunrpc flags S/SA keep state
pass quick inet proto udp from any to any port = nfsd keep state
pass quick inet proto udp from any to any port = sunrpc keep state
pass quick inet proto tcp from any to any port = 883 flags S/SA keep state
pass quick inet proto udp from any to any port = 883 keep state
pass quick inet proto tcp from any to any port = 884 flags S/SA keep state
pass quick inet proto udp from any to any port = 884 keep state
pass quick inet proto tcp from any to any port = 885 flags S/SA keep state
pass quick inet proto udp from any to any port = 885 keep state
block drop in log all

root@c1:~/data # tcpdump -i lo0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
21:46:12.877018 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:46:33.070939 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:46:43.082651 IP 127.0.0.1.123 > 127.0.0.1.123: NTPv4, Client, length 48
21:46:53.146134 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:47:13.220242 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:47:33.303361 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:47:47.087155 IP 127.0.0.1.123 > 127.0.0.1.123: NTPv4, Client, length 48
21:47:53.394492 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:48:13.492655 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:48:33.558687 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:48:53.087810 IP 127.0.0.1.123 > 127.0.0.1.123: NTPv4, Client, length 48
21:48:53.702889 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:49:13.825977 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:49:33.903462 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:49:54.027327 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:49:57.089317 IP 127.0.0.1.123 > 127.0.0.1.123: NTPv4, Client, length 48
21:50:00.138473 IP 192.168.10.100.2049 > 192.168.10.100.793: Flags [F.], seq 2882082792, ack 3780535232, win 29127, options [nop,nop,TS val 1962546574 ecr 605687], length 0
21:50:00.138561 IP 192.168.10.100.793 > 192.168.10.100.2049: Flags [.], ack 1, win 16588, options [nop,nop,TS val 967758 ecr 1962546574], length 0
21:50:14.107032 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:50:34.210635 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:50:54.318372 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:51:01.090624 IP 127.0.0.1.123 > 127.0.0.1.123: NTPv4, Client, length 48
21:51:14.346259 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:51:34.429624 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:51:54.475020 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0
21:52:06.091374 IP 127.0.0.1.123 > 127.0.0.1.123: NTPv4, Client, length 48
21:52:14.557504 IP 127.0.0.1.52048 > 127.0.0.1.50496: UDP, length 0

10 (11.12.2014 20:52:16 отредактировано Kettler)

Re: Не работает transparent proxy

imix1 пишет

Причем на той машине через которую не получается зайти на сайты, они прекрасно пингуются.

Я не BSD-шник но вы издеваетесь

11

Re: Не работает transparent proxy

Попробуйте изменить правило rdr

rdr pass log on $int_if inet proto tcp from 10.10.10.0/24 to any port 80 -> lo port 3129

И смотрите в логе

tcpdump -e -t -i pflog0

12 (13.12.2014 14:06:44 отредактировано imix1)

Re: Не работает transparent proxy

pitdron пишет

Попробуйте изменить правило rdr

rdr pass log on $int_if inet proto tcp from 10.10.10.0/24 to any port 80 -> lo port 3129

И смотрите в логе

tcpdump -e -t -i pflog0

вот что пишет:

+ открыть спойлер
root@c1:~ # tcpdump -e -t -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-dgm > 192.168.10.255.netbios-dgm: NBT UDP PACKET(138)
rule 48/0(match): block in on em1: 192.168.88.1.netbios-dgm > 192.168.88.255.netbios-dgm: NBT UDP PACKET(138)
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: [|ip6]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: 192.168.10.1 > all-systems.mcast.net: igmp query v2
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: 192.168.10.1 > all-systems.mcast.net: igmp query v2
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em1: 192.168.88.1.netbios-ns > 192.168.88.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]
rule 48/0(match): block in on em0: win7.any.com.netbios-ns > 192.168.10.255.netbios-ns: [|SMB]