Биллинговая система Nodeny

#!/bin/sh -
f='/sbin/ipfw'
ifOut='em0'

#Blokiruemie seti
${f} table 120 flush
${f} table 120 add 224.0.0.0/4
${f} table 120 add 192.168.0.0/16
${f} table 120 add 172.16.0.0/12

${f} -f flush

${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any
#Zabbix agent
${f} add 52 allow tcp from any to me 10050
${f} add 53 allow tcp from me 10050 to any
${f} add 54 allow tcp from any to me 10051
${f} add 55 allow tcp from me 10051 to any


${f} add 100 deny tcp from any to any 445

${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${f} add 140 deny ip from any to "table(120)"
${f} add 150 deny ip from "table(120)" to any
${f} add 160 skipto 2000 ip from any to me

${f} add 200 skipto 500 ip from any to any via ${ifOut}

${f} add 300 skipto 4500 ip from any to any in

${f} add 400 skipto 450 ip from any to any recv ${ifOut}
${f} add 420 divert 1 ip from any to any
${f} add 450 divert 2 ip from any to any
${f} add 490 allow ip from any to any

${f} add 500 skipto 32500 ip from any to any in
${f} add 510 divert 1 ip from any to any
${f} add 540 allow ip from any to any

${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any

${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 80,443,514,411
${f} add 2050 deny ip from any to any via ${ifOut}
${f} add 2060 allow udp from any to any 53,7723,514,411
${f} add 2100 deny ip from any to any


${f} add 32490 deny ip from any to any