#!/usr/bin/m4
#
## $PFTS$
##
## IPFW configuration script. Requires the M4 preprocessor.
##
## Main definitions:
## tables 1-19 are reserved for the main channels; the rest are autoincremented.
dnl
dnl Layout of this file:
dnl   1. Global configuration: interface names and the counters from which
dnl      pipe, queue and table numbers are allocated.
dnl   2. Macro definitions (PIPE_CREATE, QUEUE_CREATE, PIPE_ADD, ...).
dnl   3. The ruleset itself. ipfw matches rules top to bottom, so the
dnl      position of every "add" line below matters.
dnl Lines starting with dnl are stripped by m4; lines starting with # are
dnl passed through to the output, where ipfw treats them as comments.
dnl ======================================================================
dnl Global configuration
define(`ifVB', `em1')dnl Interface to Tuda: the rules below match traffic addressed to customer prefixes as received here (PIPE_ADD OUT, PASS_IN)
define(`ifBB', `em0')dnl Interface to Suda: the rules below match traffic sourced from customer prefixes as received here (PIPE_ADD IN)
define(`CUR_PIPE', `19')dnl Start pipe numeration from CUR_PIPE+1 (PIPE_CREATE increments before use)
define(`CUR_QUEUE', `19')dnl Start queue numeration from CUR_QUEUE+1 (QUEUE_CREATE increments before use)
define(`CUR_TBL', `19')dnl Start table numeration from CUR_TBL+1 (TBL_CREATE increments before use)
dnl ======================================================================
dnl Predefined macros
dnl
dnl ----- Small macros sets ----------------------------------------------
dnl TBL and IPL are name helpers for tables and ip lists; nothing in the
dnl ruleset below calls them.
define(`TBL', `table(tbl_$1)')dnl
define(`IPL', `ipl_$1')dnl
dnl
dnl ----------------------------------------------------------------------
dnl Macro: PIPE_CREATE - Create new ipfw pipe
dnl Allocates two consecutive pipe numbers from CUR_PIPE, defines
dnl PIPE_<name>_IN and PIPE_<name>_OUT to them and emits the two
dnl "pipe N config bw ..." lines. It only configures the pipes; traffic is
dnl sent through them by PIPE_ADD or CREATE_PIPE_ON_IF.
dnl Parameters:
dnl 1 - pipe name
dnl 2 - pipe bandwidth IN (for ME)
dnl 3 - pipe bandwidth OUT (for ME)
dnl 4 - additional parameters added to pipe .. string (optional; appended to both pipe config lines)
dnl Example: PIPE_CREATE(`TEST', `2048Kbit/s', `512Kbit/s')
define(`PIPE_CREATE', `define(`CUR_PIPE', incr(CUR_PIPE))define(PIPE_$1_IN, CUR_PIPE)pipe CUR_PIPE config bw $2 $4
define(`CUR_PIPE', incr(CUR_PIPE))define(PIPE_$1_OUT, CUR_PIPE)pipe CUR_PIPE config bw $3 $4')dnl
dnl ----------------------------------------------------------------------
dnl Macro: CREATE_PIPE_ON_IF - Create new ipfw pipe and add shaper rules
dnl Calls PIPE_CREATE and then attaches the two pipes to all traffic passing
dnl "via" the customer interface (in and out). Not used in the ruleset
dnl below, which shapes per prefix with PIPE_ADD instead.
dnl 1 - pipe name
dnl 2 - customer interface
dnl 3 - pipe bandwidth IN (for ME)
dnl 4 - pipe bandwidth OUT (for ME)
dnl 5 - additional parameters added to pipe .. string
dnl Example: CREATE_PIPE_ON_IF(`TEST', `rl0', `2048Kbit/s', `512Kbit/s')
define(`CREATE_PIPE_ON_IF', `# Shaper $1 on $2
define(if_$1, $2)
PIPE_CREATE($1, $3, $4, $5)
add pipe PIPE_$1_IN ip from any to any via if_$1 in // $1 IN
add pipe PIPE_$1_OUT ip from any to any via if_$1 out // $1 OUT')dnl
dnl ----------------------------------------------------------------------
dnl Macro: QUEUE_CREATE - Create new ipfw queue pair on an existing pipe
dnl Allocates two queue numbers from CUR_QUEUE, defines QUEUE_<name>_IN and
dnl QUEUE_<name>_OUT and binds them to PIPE_<pipe>_IN / PIPE_<pipe>_OUT, so
dnl the pipe named in $2 must already have been created with PIPE_CREATE.
dnl Parameters:
dnl 1 - queue name
dnl 2 - pipe name
dnl 3 - options (e.g. weight; appended verbatim to both queue config lines)
dnl Example: QUEUE_CREATE(`TEST', `SHARED', `weight 60 queue 100')
define(`QUEUE_CREATE', `define(`CUR_QUEUE', incr(CUR_QUEUE))define(QUEUE_$1_IN, CUR_QUEUE)queue CUR_QUEUE config pipe PIPE_$2_IN $3
define(`CUR_QUEUE', incr(CUR_QUEUE))define(QUEUE_$1_OUT, CUR_QUEUE)queue CUR_QUEUE config pipe PIPE_$2_OUT $3')dnl
dnl ----------------------------------------------------------------------
dnl Macro: QUEUE_ADD - Send a prefix's traffic through the queues made by QUEUE_CREATE
dnl 1 - queue name
dnl 2 - address or prefix (customer side)
dnl IN  = packets sourced from $2 via ifBB, OUT = packets addressed to $2 via ifVB.
dnl NOTE(review): QUEUE_ADD matches with "via ifBB/ifVB" while PIPE_ADD and
dnl PASS_IN match with "recv ... bridged"; confirm both forms see the same
dnl bridged traffic on this host.
dnl Example: QUEUE_ADD(`TEST', `10.10.0.0/8')
define(`QUEUE_ADD', `add queue QUEUE_$1_IN ip from $2 to any via ifBB // $1 IN QU
add queue QUEUE_$1_OUT ip from any to $2 via ifVB // $1 OUT QU')dnl
dnl ----------------------------------------------------------------------
dnl TBL_CREATE - allocate a table number from CUR_TBL, bind tbl_<name> to it
dnl and emit "table N flush". TBL_ADD - add an entry to that table.
dnl Neither is used in the ruleset below.
define(`TBL_CREATE', `define(`CUR_TBL',incr(CUR_TBL))define(tbl_$1, CUR_TBL)table tbl_$1 flush')dnl
define(`TBL_ADD', `table tbl_$1 add $2')dnl
dnl
dnl IPL_CREATE - append $2 to the comma-separated ip list ipl_<name>, creating
dnl the list on first use; expands to 1 when appending, 2 when creating.
dnl NOTE(review): in the append branch the comma before $2 makes it a third
dnl argument to define, which m4 ignores, so $2 is likely never appended.
dnl Not used below.
define(`IPL_CREATE', `ifdef(`ipl_$1',define(`ipl_$1', ipl_$1,$2)1, define(`ipl_$1', `$2')2)')dnl
dnl ----------------------------------------------------------------------
dnl Macro: PIPE_ADD - Send a prefix's traffic through the pipes made by PIPE_CREATE
dnl 1 - pipe name
dnl 2 - address or prefix (customer side)
dnl IN  = bridged packets sourced from $2, received on ifBB
dnl OUT = bridged packets addressed to $2, received on ifVB
dnl Because one_pass is disabled below, a packet leaving the pipe continues
dnl with the next rule instead of being accepted here.
define(`PIPE_ADD', `add pipe PIPE_$1_IN ip from $2 to any recv ifBB in bridged // $1 IN
add pipe PIPE_$1_OUT ip from any to $2 recv ifVB in bridged // $1 OUT')dnl
dnl ----------------------------------------------------------------------
dnl PASS_IN - allow bridged packets addressed to $1 that arrive on ifVB.
dnl PASS    - allow both directions for $1 (to $1 on ifBB, from $1 on ifVB).
dnl NOTE(review): PASS uses the opposite interface to PASS_IN/PIPE_ADD for
dnl packets addressed to $1 (ifBB rather than ifVB); confirm which is intended.
dnl PASS is not used in the ruleset below.
dnl NOTE(review): these two defines have no trailing dnl, so each emits an
dnl empty line into the output; ipfw is expected to skip blank lines.
define(`PASS_IN', `add allow ip from any to $1 recv ifVB bridged')
define(`PASS', `add allow ip from any to $1 recv ifBB bridged
add allow ip from $1 to any recv ifVB bridged')
dnl ======================================================================
# IPFW Options
# one_pass disabled: a packet returning from a dummynet pipe or queue is
# re-injected at the next rule, so the pipe/queue rules below only shape
# traffic and the final allow rules still decide its fate.
disable one_pass
# -f suppresses the interactive confirmation of the two flushes.
-f pipe flush
-f flush
# Rule 5 is a temporary allow-all inserted right after the flush, presumably
# so the host keeps forwarding while the rest of this file is loaded; it is
# removed by "delete 5" on the last line. NOTE(review): if processing stops
# before that line, rule 5 stays in place and the firewall passes everything.
add 5 pass ip from any to any
# Loopback
add 100 pass ip from any to any via lo0
add deny ip from 127.0.0.0/8 to any
add deny ip from any to 127.0.0.0/8
# Access to me
# NOTE(review): rule 200 accepts every packet addressed to this host before
# the two deny rules below are reached, and unnumbered rules receive numbers
# above 200, so the denies for tcp 22,199,25,587,2600-2609,1281 and udp 161
# never match. If they are meant to take effect they must be numbered below
# 200 (e.g. "add 190 deny ..."); check first that this does not cut off the
# management path, since tcp 22 would then be denied from any source.
add 200 pass ip from any to me
add deny tcp from any to me 22,199,25,587,2600-2609,1281
add deny udp from any to me 161
######################################################
# Internet filters
######################################################
dnl -----------------------------------------------
dnl SMTP shaper (disabled: the three lines below are commented out with dnl)
dnl -----------------------------------------------
dnl PIPE_CREATE(`SMTP', `500Kbit/s', `700Kbit/s', `gred 0.002/50/80/0.1')
dnl add pipe PIPE_SMTP_IN tcp from any to any 25 via ifVB in // SMTP IN
dnl add pipe PIPE_SMTP_OUT tcp from any to any 25 via ifVB out // SMTP OUT
dnl -----------------------------------------------
dnl Create SHARED queue
dnl -----------------------------------------------
dnl SHARED is a pair of pipes (4000Kbit/s each way, 128KBytes queue) with no
dnl PIPE_ADD of their own; customers attach queues to them with QUEUE_CREATE
dnl and share the bandwidth by weight.
PIPE_CREATE(`SHARED', `4000Kbit/s', `4000Kbit/s', `queue 128KBytes')
# C1 - pipe + shared pipe
dnl C1 gets dedicated 512/1536 Kbit/s pipes and, in addition, a weight-20
dnl queue on SHARED; with one_pass off a packet is meant to traverse both.
dnl NOTE(review): 192.160.0.0/20 is the only prefix here outside 192.168/16;
dnl confirm it is not a typo for a 192.168.x.x prefix.
PIPE_CREATE(`C1', `512Kbit/s', `1536Kbit/s')
PIPE_ADD(`C1', `192.160.0.0/20')
QUEUE_CREATE(`C1', `SHARED', `weight 20')
QUEUE_ADD(`C1', `192.160.0.0/20')
# C2
dnl C2: dedicated pipes only. PASS_IN accepts traffic to the prefix arriving
dnl on ifVB at this point rather than at the catch-all allow rules at the end.
PIPE_CREATE(`C2', `512Kbit/s', `1500Kbit/s')
PIPE_ADD(`C2', `192.168.200.0/22')
# No common queue
PASS_IN(`192.168.200.0/22')
dnl ######################################################
dnl Offline customers
dnl ######################################################
dnl ############################################################
dnl Internal services
dnl ############################################################
PIPE_CREATE(`STELLA', `128Kbit/s', `192Kbit/s')
PIPE_ADD(`STELLA', `192.168.160.20')
# Catch-all: everything that reaches this point is accepted, whether bridged
# or passing through either interface. Anything else falls through to the
# kernel default rule 65535, whose action depends on the kernel configuration.
add allow ip from any to any bridged
add allow ip from any to any via ifVB
add allow ip from any to any via ifBB
# Remove the temporary allow-all rule inserted at the top of the ruleset.
delete 5