Биллинговая система Nodeny

uname -a
FreeBSD server.local.local 6.2-RELEASE-p12 FreeBSD 6.2-RELEASE-p12 #0: Fri Oct  2 16:23:40 UTC 2009     root@server.local.local:/usr/src/sys/i386/compile/NODENY  i386

ifconfig
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:02:44:20:3f:36
        media: Ethernet autoselect (10baseT/UTP)
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.5.2 netmask 0xffffff00 broadcast 192.168.5.255
        inet 10.1.6.226 netmask 0xffffff00 broadcast 10.1.6.255 -вот вторая локалка -
        ether 00:80:48:1f:f6:63
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 92.112.215.67 --> 195.5.5.201 netmask 0xffffffff
        Opened by PID 376

cat /etc/rc.firewall

#!/bin/sh -
f='/sbin/ipfw'

ifOut='tun0'

${f} -f flush

${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any

${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${f} add 160 skipto 2000 ip from any to me

${f} add 200 skipto 500 ip from any to any via ${ifOut}

${f} add 300 skipto 4500 ip from any to any in

${f} add 400 skipto 450 ip from any to any recv ${ifOut}
${f} add 420 divert 1 ip from any to any
${f} add 450 divert 2 ip from any to any
${f} add 490 allow ip from any to any

${f} add 500 skipto 32500 ip from any to any in
${f} add 510 divert 1 ip from any to any
${f} add 540 allow ip from any to any


${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any

${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 80,443
${f} add 2050 deny ip from any to any via ${ifOut}
${f} add 2060 allow udp from any to any 53,7723

${f} add 2100 deny ip from any to any

${f} add 32490 deny ip from any to any

${f} add 400 skipto 450 ip from any to any recv ${ifOut}
${f} add 420 divert 1 ip from any to any
${f} add 450 divert 2 ip from any to any
${f} add 490 allow ip from any to any

${f} add 400 divert 2 ip from any to any

ipfw add skipto 450 ip from any to any via rl0 out
ipfw add skipto 420 ip from any to any via rl0 in

00201 skipto 500 ip from any to any via rl0
00401 skipto 450 ip from any to any recv rl0