#!/usr/local/bin/bash
 
cmd="/sbin/ipfw -q"
$cmd -f flush
 
# Интерфейс, на котором слушаем
WAN="igb0"
IP="51.51.51.51"
 
# IP, на который будем пробрасывать порты
ToIP="163.33.33.3"
 
#
LIM="30"
 
$cmd enable one_pass
$cmd add allow all from any to any via lo0
$cmd add deny all from any to 127.0.0.0/8
$cmd add deny all from 127.0.0.0/8 to any
$cmd add deny all from any to any frag
 
#$cmd add check-state
#$cmd add allow tcp from any to any established
#$cmd add allow all from any to any out keep-state
 
# table admin
$cmd table admin create missing
$cmd table admin add 46.160.11.11
$cmd table admin add 109.111.64.0/19
 
# ssh to admin
$cmd add allow ip from "table(admin)" to me 22
 
# table bad boys
$cmd table badb create missing
$cmd add deny ip from "table(badb)" to me
 
# dns
DNS="8.8.8.8,1.1.1.1"
$cmd add allow udp from ${DNS} to ${IP} in via ${WAN}
$cmd add allow udp from ${IP} to ${DNS} out via ${WAN}
 
# HTTP && HTTPS
#$cmd add allow tcp from any to me 443 in limit src-addr 80
#$cmd add allow tcp from any to me 80 in limit src-addr 80