1

pf and squid (sams + rejik) are installed on the FreeBSD box,
but I don't quite understand what does what....

What's needed:

    optimize it (remove anything unnecessary)
    secure it as much as possible (make sure there are as few holes as possible for probing and real attacks, and that everything is under control)
    make Windows Update (licensed) possible from the LAN
    make Dr.Web updates (licensed) possible from the LAN

    ### macros ###
    # local network
    int_if="rl0"

    # ADSL modem
    ext_if="tun0"

    lan_net="{192.168.0.0/24}"
    allowed_icmp_types="{echoreq,unreach}"

    SERVERS_table="{192.168.0.3, 192.168.0.6}"
    WinAdmin="192.168.0.6"
    NoRouteIPs="{127.0.0.0/8}"

    ### tables ###
    table <hacker> {175.203.96.109, 91.205.189.27}
    table <badhosts> persist
    table <msupdate> {46.33.68.78, 46.33.68.87, 46.33.68.121, 46.33.68.113, 65.55.184.152, 65.55.200.139, 65.55.53.190}

    ### options ###
    set block-policy drop
    set skip on lo0
    set timeout { frag 10, tcp.established 3600 }

    ### traffic normalization ###
    scrub in all

    # redirect
    # RDP to WinAdmin
    #rdr pass log on $ext_if proto tcp from any to ($ext_if) port {5900, 3389} -> $WinAdmin

    # nat
    nat pass on $ext_if from $lan_net to any port 21 -> $ext_if
    nat pass on $ext_if from $lan_net to any port 1023 -> $ext_if
    nat pass on $ext_if from $lan_net to any port 25 -> $ext_if
    nat pass on $ext_if from $lan_net to any port 110 -> $ext_if
    nat pass on $ext_if from $lan_net to any port 465 -> $ext_if
    nat pass on $ext_if from $lan_net to any port 995 -> $ext_if
    nat pass on $ext_if from $lan_net to any port 993 -> $ext_if

    # client-bank
    nat pass on $ext_if from {192.168.0.4} to {195.248.190.38} port 2193 -> $ext_if

    # servers
    nat pass on $ext_if from $SERVERS_table to any -> $ext_if

    ### filtering ###
    antispoof quick for $ext_if

    block log (all) all

    # block bad hosts
    block in quick on $ext_if from <hacker> to any
    block in quick on $ext_if from <badhosts> to any

    # ssh
    pass in quick on $ext_if proto {tcp,udp} from any to self port 22

    pass out log inet proto icmp all icmp-type $allowed_icmp_types
    pass out log on $ext_if from $int_if:network to <msupdate>

    pass in quick on $int_if from $lan_net to any
    pass out quick on $int_if from self to $lan_net

    pass out quick on $ext_if from self to any keep state
    block in on $ext_if from any to any

openSUSE
Linux 2.6.34-12-desktop #1 SMP PREEMPT 2010-06-29 02:39:08 +0200 i686 i686 i386 GNU/Linux
KDE 4.4.4 release 2
QT Version 4.6.3
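Below is a consolidated ruleset for the same setup, added here as an illustration; it is not the poster's configuration and was not taken from the thread. It keeps the interface names and LAN range from the post, moves the update-server addresses into files (the paths /etc/pf.msupdate and /etc/pf.drweb are placeholders, and the Dr.Web address list is assumed to exist), collapses the per-port nat rules into one, and gives every permitted outbound flow an explicit pass rule instead of relying on `nat pass`. Two points the original ruleset runs into: pf translates before it filters, so a `pass out` rule on $ext_if written `from $int_if:network` only ever matches packets that no nat rule covered, and those leave with a private source address that the upstream side discards; and an address table typed into pf.conf goes stale as soon as the vendor moves its servers, whereas a table loaded from a file can be refreshed with `pfctl -t msupdate -T replace -f /etc/pf.msupdate` without reloading the ruleset.

```pf
### macros ###
int_if="rl0"
ext_if="tun0"
lan_net="192.168.0.0/24"
# ports LAN hosts may reach directly; everything else goes through squid on this box
tcp_out="{ 21, 25, 110, 465, 993, 995 }"
web_ports="{ 80, 443 }"

### tables ###
# update servers are kept in files (placeholder paths) so they can be
# refreshed with "pfctl -t <name> -T replace -f <file>" at any time
table <msupdate> persist file "/etc/pf.msupdate"
table <drweb>    persist file "/etc/pf.drweb"
# manually maintained blocklist: pfctl -t badhosts -T add <address>
table <badhosts> persist

### options ###
set block-policy drop
set skip on lo0

### traffic normalization ###
scrub in all

### translation ###
# plain "nat" (not "nat pass"): the filter rules below still apply afterwards
nat on $ext_if inet proto tcp from $lan_net to any        port $tcp_out   -> ($ext_if)
nat on $ext_if inet proto tcp from $lan_net to <msupdate> port $web_ports -> ($ext_if)
nat on $ext_if inet proto tcp from $lan_net to <drweb>    port $web_ports -> ($ext_if)

### filtering ###
antispoof quick for { $ext_if, $int_if }

# default deny in both directions, logged
block log all
block in quick on $ext_if from <badhosts>

# management: TCP only, state created on the SYN alone
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA keep state

# LAN side
pass in  quick on $int_if from $lan_net to any      keep state
pass out quick on $int_if from any      to $lan_net keep state

# outbound on the external side: the filter sees the translated source,
# so match on the external address, not on the LAN network
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port $tcp_out flags S/SA keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to { <msupdate>, <drweb> } port $web_ports flags S/SA keep state
pass out quick on $ext_if inet proto icmp from ($ext_if) icmp-type echoreq keep state

# the proxy's own traffic (squid and its DNS lookups originate on this host)
pass out quick on $ext_if inet proto udp from ($ext_if) to any port 53 keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port $web_ports flags S/SA keep state
```

Check the result with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` for blocked packets while a client runs Windows Update: any address that shows up there belongs in the table file, not in a new pass rule.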

2

http://house.hcn-strela.ru/BSDCert/BSDA-course/apc.html

Is your Windows glitching?
It's YOUR HANDS that are CROOKED!