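#!/bin/sh
#
# Load the ipfw ruleset for this host: flush the current rules, reload the
# address tables from the files under /etc/firewall, then add the rules in
# evaluation order.
#
# Table files hold whitespace-separated addresses or networks; everything
# from a '#' to the end of the line is a comment.

oif="xl0"
nagios="66..."
nagios2="66..."
nagios3="66..."

table_lamers="/etc/firewall/blacklist"
table_ssh="/etc/firewall/ssh"
table_mdix="/etc/firewall/mdix"

#######################################
# Run ipfw by absolute path, in quiet mode.
# The absolute path keeps the script independent of PATH. Quiet mode matters
# when the script is run over a remote login: after the flush the session may
# be cut off, and a command blocked on writing to it would stop the rest of
# the ruleset from loading.
# Arguments: passed through to ipfw
#######################################
fw() {
  /sbin/ipfw -q "$@"
}

#######################################
# Replace the contents of an ipfw table with the entries from a file.
# The table is flushed first because "ipfw flush" removes rules only, so an
# address deleted from the file would otherwise stay in the table (for the
# SSH allow-list that means access is not revoked on reload).
# Arguments: $1 - table number
#            $2 - path of the file listing the entries
# Returns:   1 if the file is unreadable (table left untouched), else 0
#######################################
load_table() {
  local table_num table_file line addr
  table_num=$1
  table_file=$2

  # Do not abort the whole script here: the rules have already been flushed,
  # and stopping now would leave the host with no ruleset at all.
  if [ ! -r "$table_file" ]; then
    printf 'warning: cannot read %s; table %s left unchanged\n' \
      "$table_file" "$table_num" >&2
    return 1
  fi

  # The table may not exist yet on the first load, so a failed flush is fine.
  fw table "$table_num" flush 2>/dev/null || :

  set -f # entries are data: split them on whitespace but never glob them
  while IFS= read -r line || [ -n "$line" ]; do
    # Strip the comment only, so "addr  # reason" still loads addr
    # (filtering out every line that contains '#' dropped such entries).
    line=${line%%#*}
    for addr in $line; do
      fw table "$table_num" add "$addr"
    done
  done < "$table_file"
  set +f
}

fw -f flush
sysctl net.inet.ip.fw.dyn_max=32000

load_table 4 "$table_lamers"
load_table 2 "$table_ssh"
load_table 3 "$table_mdix"

# Blacklisted sources are dropped before any allow rule can match them.
fw add 50 drop all from 'table(4)' to me
fw add 100 pass all from any to any via lo0

# No inbound SMTP to this host.
fw add 140 deny ip from any to me dst-port 25

# Ports 80 and 81 are open to table 3 only, at most 20 connections per source.
fw add 160 allow tcp from 'table(3)' to me 80 limit src-addr 20
fw add 161 allow tcp from 'table(3)' to me 81 limit src-addr 20

# NOTE(review): "established" is a stateless match on the ACK/RST bits, and
# "frag" passes non-first fragments without any port check. Both rules sit
# ahead of check-state and apply to every source except table 4; confirm
# they are still needed now that keep-state is used for outbound traffic.
fw add pass tcp from any to any established
fw add pass all from any to any frag

fw add check-state
fw add allow ip from me to any keep-state

# Monitoring hosts are trusted by source address for every protocol and port.
fw add pass all from "${nagios}" to me
fw add pass all from "${nagios2}" to me
fw add pass all from "${nagios3}" to me

# SSH is reachable from the allow-list in table 2 only.
fw add allow tcp from 'table(2)' to me 22 setup

# Traceroute probe range; note the rule is not restricted to this host.
fw add allow udp from any to any 33434-33534

# ICMP echo reply (0), destination unreachable (3) and echo request (8).
fw add pass icmp from any to any icmptype 0 via "${oif}"
fw add pass icmp from any to any icmptype 3 via "${oif}"
fw add pass icmp from any to any icmptype 8 via "${oif}"

# NOTE(review): no closing deny rule is visible in this part of the script,
# so unmatched packets fall through to the kernel default rule 65535. Check
# net.inet.ip.fw.default_to_accept on the host to confirm that default is deny.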