• CM91 - �p���p ����p���� ���p������� Firewall

    From FAQServer@2:5020/181 to All on Fri Jun 13 07:37:07 2025
    [Q]: �p���p ����p���� ���p������� Firewall

    [A]: gor[e] (de-bug@mail.ru):

    Hy �����-� � �p����� IBM non-secure ���p䥩� ᬮ�p�� � ���� (�� ����������), � secure - � ������y. H� ���y ⠪�� ��᫠ �p����뢠��
    �⤥�쭮 �p����� ��� routed �p��䨪� � �⤥�쭮 ��� �p��䨪� ����, ���� �᫨ ����y 祣�-� �����, � �� �p��䨪 �� ������� ��p����p������ �� ���譨� ���p䥩� ��� ��������y筮 � ��p������. ��� �� ��� �p����� �� ����譥�
    ����:

    ;y��p��� ��p����� �p��䨪 �� �������� ��設��, �⮡� � ����� deny �� ��蠫 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 137 secure both inbound l=no f=yes t=0
    deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 138 secure both inbound l=no f=yes t=0
    ;p��p�蠥� ���� �p�䨪 �� �����쭮� (secure) ���p䥩�
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 secure both both l=no f=yes t=0
    ;p��p�蠥� ����y� � ���譨� ftp
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 21 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 21 any 0 non-secure both inbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 ge 40000 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack ge 40000 any 0 non-secure both inbound l=no f=yes t=0
    ;p��p�蠥� ����y� � ���譨� www �p��p��
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 80 any 0 non-secure both inbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 443 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 443 any 0 non-secure both inbound l=no f=yes t=0
    ;p��p�蠥� ����y� � DNS �p��p�� �p������p�
    permit 0.0.0.0 0.0.0.0 10.106.255.199 255.255.255.255 udp any 0 eq 53 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 10.102.45.199 255.255.255.255 udp any 0 eq 53 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 10.100.18.199 255.255.255.255 udp any 0 eq 53 non-secure both outbound l=no f=yes t=0
    permit 10.106.255.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
    permit 10.102.45.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
    permit 10.100.18.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
    ;p��p�蠥� ����y� � ���譨� ssh �p��p��
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 22 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 22 any 0 non-secure both inbound l=no f=yes t=0
    ;jabber
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 5222 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 5222 any 0 non-secure both inbound l=no f=yes t=0
    ;IRC
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 6667 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 6667 any 0 non-secure both inbound l=no f=yes t=0
    ;���� �� SMTP � POP
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 110 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 110 any 0 non-secure both inbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 25 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all eq 25 any 0 non-secure both inbound l=no f=yes t=0
    ;NEWS �p��p�
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 119 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 119 any 0 non-secure both inbound l=no f=yes t=0
    ;�y��� �p�����
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 123 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp eq 123 any 0 non-secure both inbound l=no f=yes t=0
    ;Citrix ICA
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 1494 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 1494 any 0 non-secure both inbound l=no f=yes t=0
    ;VNC
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 5900 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 5900 any 0 non-secure both inbound l=no f=yes t=0
    ;Windows RDP
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 3389 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 3389 any 0 non-secure both inbound l=no f=yes t=0
    ;⮦� ��祬-� �� �y��� (Citrix, ��-��)
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 8422 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 8422 any 0 non-secure both inbound l=no f=yes t=0
    ;IDENT �p��p y ����
    permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 eq 113 non-secure local inbound l=no f=yes t=0
    permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 113 any 0 non-secure local outbound l=no f=yes t=0
    ;ftp �p��p y ����
    permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 eq 21 non-secure local inbound l=no f=yes t=0
    permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 21 any 0 non-secure local outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 ge 40000 non-secure local inbound l=no f=yes t=0
    permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack ge 40000 any 0 non-secure local outbound l=no f=yes t=0
    ;ssh �p��p y ����
    permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 eq 22 non-secure local inbound l=no f=yes t=0
    permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 22 any 0 non-secure local outbound l=no f=yes t=0
    ;��室�騥 ping
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 8 any 0 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 0 any 0 both both inbound l=no f=yes t=0
    ;OS/2 tracerte
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 ge 33438 non-secure both outbound l=no f=yes t=0
    permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 11 any 0 non-secure both inbound l=no f=yes t=0
    ;���p�頥� ���� ��⠫쭮� �室�騩 � ��室�騩 �p��䨪 �� non-secure (���譥�) ���p䥩�
    deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 non-secure both inbound l=no f=yes t=0
    deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 non-secure both outbound l=yes f=yes t=0

    --- INN 2.7.3
    * Origin: This echo is READ-ONLY. Send %HELP to FAQSERVER at (2:5020/181)