FreeBSD + IPFILTER: Transparent Proxy Internet Access for an Entire Network (N VLANs) (5)

block out quick on em0 from any to 192.0.2.0/24 group 11
block out quick on em0 from any to 204.152.64.0/23 group 11
block out quick on em0 from any to 224.0.0.0/3 group 11
block out quick on em0 from any to 20.20.20.0/24 group 11

#----------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state on it
# so that it's allowed back in.
#----------------------------------------------------------------
pass out quick on em0 proto tcp from any to any keep state group 11
pass out quick on em0 proto udp from any to any keep state group 11
pass out quick on em0 proto icmp from any to any keep state group 11
block out quick on em0 all group 11

#----------------------------------------------------------------
# Block in all traffic from private addresses
#----------------------------------------------------------------
block in quick on em0 all head 12
block in quick on em0 from 192.168.0.0/16 to any group 12
block in quick on em0 from 172.16.0.0/12 to any group 12
block in quick on em0 from 10.0.0.0/8 to any group 12
block in quick on em0 from 127.0.0.0/8 to any group 12