[Q]: Example of configuring the built-in Firewall
[A]: gor[e] (de-bug@mail.ru):
Hy �����-� � �p����� IBM non-secure ���p䥩� ᬮ�p�� � ���� (�� ����������), � secure - � ������y. H� ���y ⠪�� �� �p����뢠��
�⤥�쭮 �p����� ��� routed �p��䨪� � �⤥�쭮 ��� �p��䨪� ����, ���� � ����y 祣�-� �����, � �� �p��䨪 �� ������� ��p����p������ �� ���譨� ���p䥩� ��� ��������y筮 � ��p������. ��� �� ��� �p����� �� ����譥�
����:
;drop junk traffic from local machines so it does not clutter the deny log
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 137 secure both inbound l=no f=yes t=0
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 138 secure both inbound l=no f=yes t=0
;allow all traffic on the local (secure) interface
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 secure both both l=no f=yes t=0
;allow access to external ftp
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 21 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 21 any 0 non-secure both inbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 ge 40000 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack ge 40000 any 0 non-secure both inbound l=no f=yes t=0
;allow access to external www servers
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 80 any 0 non-secure both inbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 443 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 443 any 0 non-secure both inbound l=no f=yes t=0
;allow access to the provider's DNS servers
permit 0.0.0.0 0.0.0.0 10.106.255.199 255.255.255.255 udp any 0 eq 53 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 10.102.45.199 255.255.255.255 udp any 0 eq 53 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 10.100.18.199 255.255.255.255 udp any 0 eq 53 non-secure both outbound l=no f=yes t=0
permit 10.106.255.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
permit 10.102.45.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
permit 10.100.18.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
;allow access to external ssh servers
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 22 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 22 any 0 non-secure both inbound l=no f=yes t=0
;jabber
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 5222 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 5222 any 0 non-secure both inbound l=no f=yes t=0
;IRC
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 6667 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 6667 any 0 non-secure both inbound l=no f=yes t=0
;mail via SMTP and POP
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 110 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 110 any 0 non-secure both inbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 25 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all eq 25 any 0 non-secure both inbound l=no f=yes t=0
;NEWS servers
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 119 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 119 any 0 non-secure both inbound l=no f=yes t=0
;time service
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 123 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp eq 123 any 0 non-secure both inbound l=no f=yes t=0
;Citrix ICA
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 1494 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 1494 any 0 non-secure both inbound l=no f=yes t=0
;VNC
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 5900 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 5900 any 0 non-secure both inbound l=no f=yes t=0
;Windows RDP
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 3389 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 3389 any 0 non-secure both inbound l=no f=yes t=0
;also needed for some reason (Citrix, or something)
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 8422 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 8422 any 0 non-secure both inbound l=no f=yes t=0
;IDENT server on my machine
permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 eq 113 non-secure local inbound l=no f=yes t=0
permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 113 any 0 non-secure local outbound l=no f=yes t=0
;ftp server on my machine
permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 eq 21 non-secure local inbound l=no f=yes t=0
permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 21 any 0 non-secure local outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 ge 40000 non-secure local inbound l=no f=yes t=0
permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack ge 40000 any 0 non-secure local outbound l=no f=yes t=0
;ssh server on my machine
permit 0.0.0.0 0.0.0.0 85.30.194.227 255.255.255.255 tcp any 0 eq 22 non-secure local inbound l=no f=yes t=0
permit 85.30.194.227 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 22 any 0 non-secure local outbound l=no f=yes t=0
;outgoing ping
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 8 any 0 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 0 any 0 both both inbound l=no f=yes t=0
;OS/2 tracerte
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 ge 33438 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 11 any 0 non-secure both inbound l=no f=yes t=0
;deny all other inbound and outbound traffic on the non-secure (external) interface
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 non-secure both inbound l=no f=yes t=0
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 non-secure both outbound l=yes f=yes t=0
--- INN 2.7.3
* Origin: This echo is READ-ONLY. Send %HELP to FAQSERVER at (2:5020/181)
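
An added example, not part of the original post: a small Python audit of rules in the format shown above, flagging inbound permits on the outside interface that match on source port alone without `tcp/ack`. It assumes the field order read off those rules (action, source address/mask, destination address/mask, protocol, source-port test, destination-port test, interface, routing, direction, then the l=/f=/t= options), that `tcp/ack` matches only TCP segments with ACK set, and that for `icmp` the port fields carry type and code; the sample lines are taken from the rule set above.

```python
# Added example: audit of filter rules in the format shown in the post.
# Field order is an assumption read off those rules, not vendor documentation.
FIELDS = ("action src smask dst dmask proto sop sport dop dport "
          "iface routing direction").split()

SAMPLE = """\
;sample lines taken from the rule set above
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 21 non-secure both outbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp/ack eq 21 any 0 non-secure both inbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all eq 25 any 0 non-secure both inbound l=no f=yes t=0
permit 10.106.255.199 255.255.255.255 0.0.0.0 0.0.0.0 udp eq 53 any 0 non-secure both inbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp eq 123 any 0 non-secure both inbound l=no f=yes t=0
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp eq 0 any 0 both both inbound l=no f=yes t=0
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 non-secure both inbound l=no f=yes t=0
"""

def parse_rules(text):
    """Return [(line_no, rule_dict)]; lines starting with ';' are comments."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith(";"):
            continue
        if tok[0] not in ("permit", "deny") or len(tok) < len(FIELDS):
            raise ValueError(f"line {no}: not a filter rule: {line!r}")
        rule = dict(zip(FIELDS, tok))
        rule.update(opt.split("=", 1) for opt in tok[len(FIELDS):])  # l=, f=, t=
        rules.append((no, rule))
    return rules

def audit(text):
    """Flag inbound permits on the outside interface keyed on source port only."""
    findings = []
    for no, r in parse_rules(text):
        if r["action"] != "permit" or r["direction"] == "outbound":
            continue
        if r["iface"] == "secure" or r["proto"] in ("icmp", "tcp/ack"):
            continue  # icmp: port fields hold type/code (assumption)
        if r["sop"] != "any" and r["dop"] == "any":
            scope = "any host" if r["smask"] == "0.0.0.0" else r["src"]
            findings.append((no, f'{r["proto"]} from {scope}, source port {r["sport"]}'))
    return findings

if __name__ == "__main__":
    for no, why in audit(SAMPLE):
        print(f"line {no}: {why}")
```

A flagged rule admits any inbound packet carrying that source port, whether or not a local client started the exchange. The DNS rules narrow this by pinning the resolver address, and the `tcp/ack` reply rules narrow it by refusing connection-opening segments.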