ipfw - настройка

 

/etc/rc.conf

# --- Packet filter -----------------------------------------------------
# Enable ipfw at boot and load the ruleset from a site-specific script
# instead of the stock /etc/rc.firewall. The effective policy is therefore
# exactly what /etc/rc.ipfw installs; review that script as the policy.
firewall_enable="YES"
firewall_script="/etc/rc.ipfw"

# --- Routing -----------------------------------------------------------
# Turn on IP forwarding so the host routes between its interfaces.
# With forwarding on, anything the ruleset does not block is routed.
gateway_enable="YES"

# --- NAT ---------------------------------------------------------------
# Run natd on nve0 (the interface /etc/rc.ipfw names if_wan). natd only
# sees packets that an ipfw "divert" rule hands to it.
# -f points natd at its own configuration file; that file is not shown on
# this page, so any redirect_port/redirect_address entries in it need a
# separate review.
natd_enable="YES"
natd_interface="nve0"
natd_flags="-f /etc/natd_ubk.conf"

 

 "/etc/rc.ipfw"

# Command prefixes. Both are expanded unquoted further down so that the
# shell splits them into command + options; -q keeps ipfw silent while
# rules are added or flushed.
ipfw="/sbin/ipfw -q"
fw="${ipfw} add"

# Interfaces: external uplink, internal LAN, DMZ segment.
if_wan="nve0"
if_lan="rl0"
if_dmz="rl1"

# Addresses.
# if_wan_ip is masked on the page ('217.x.x.x'); it is not a usable
# address and has to be replaced with the real one before any rule
# references it.
# NOTE(review): lan, if_wan_ip, if_lan_ip and nat_ip are not referenced by
# the rules visible on this page; presumably the full script uses them.
# nat_ip also lists 192.168.5.254, which lies outside ${lan}; confirm
# that is intended.
lan="192.168.0.0/24"
if_wan_ip="217.x.x.x"
if_lan_ip="192.168.0.1"
nat_ip="192.168.0.4,192.168.0.9,192.168.0.11,192.168.0.15,192.168.0.2,192.168.5.254"

 

 

# Start from an empty ruleset; -f makes flush proceed without asking for
# confirmation. After the flush only the built-in default rule 65535 is
# left (deny, unless the kernel was built or tuned to default to accept),
# so until the rules below are loaded all traffic is decided by that
# default. When the script is re-run over a remote login this window can
# drop the session; the page's commented-out `sh /etc/rc.ipfw &` looks
# like the usual precaution of running it detached from the terminal.
${ipfw} -f flush

# Per-host accounting for selected 192.168.0.x hosts on the LAN interface.
# "count" only updates the packet/byte counters and continues with the
# next rule; it neither permits nor blocks anything. Every counter shares
# rule number 50, so they sit ahead of the auto-numbered rules added later.
for host in 4 9 11 13 16 18 19 21 23 24 25 41 42 44 51 52 150; do
  ${fw} 50 count ip from any to 192.168.0.${host} via ${if_lan} out
  ${fw} 50 count ip from 192.168.0.${host} to any via ${if_lan} in
done

# Same accounting for three hosts in 192.168.5.x, also seen on ${if_lan}.
# NOTE(review): 192.168.5.0 is outside the 192.168.0.0/24 value of ${lan};
# confirm this second network really is reached through ${if_lan}.
for host in 16 22 254; do
  ${fw} 50 count ip from any to 192.168.5.${host} via ${if_lan} out
  ${fw} 50 count ip from 192.168.5.${host} to any via ${if_lan} in
done

 

# Narrow HTTP egress for a single DMZ host: 192.168.1.2 may talk to two
# fixed external addresses on port 80 and nothing else is opened here.
# ${fw} is the same command as "${ipfw} add"; the rules carry no explicit
# number, so ipfw numbers them automatically after the rule-50 counters,
# in the order they are added.
dmz_web_client='192.168.1.2'
dmz_web_servers='140.211.166.95,69.147.83.33'

# 1. Accept the request as it arrives from the DMZ segment.
${fw} allow tcp from ${dmz_web_client} to ${dmz_web_servers} dst-port 80 in via ${if_dmz}

# 2. On the way out of the uplink, hand the packet to the divert socket on
#    port 8668 (natd's default) for source translation.
#    NOTE(review): this rule matches protocol "ip" with a port number;
#    confirm the target ipfw limits it to the intended TCP traffic.
#    NOTE(review): natd reinjects the packet at the next rule, and nothing
#    visible on this page passes it afterwards or diverts the replies
#    arriving on ${if_wan}. Unless the full script has those rules, the
#    outcome depends on the default rule 65535; verify.
${fw} divert 8668 ip from ${dmz_web_client} to ${dmz_web_servers} 80 out via ${if_wan}

# 3. Let the servers' replies (source port 80) leave towards the DMZ host.
${fw} allow tcp from ${dmz_web_servers} 80 to ${dmz_web_client} out via ${if_dmz}

 

 

 

#sh /etc/rc.ipfw &

З.ы. ${ipfw} -f flush