База знаний: Общий FAQ
Блокируем зарубежний трафик на Windows 2003
Отправлено Алексей Ефименко в 16 January 2012 04:00 PM

Скачиваем  и устанавливаем программу с сайта http://wipfw.sourceforge.net/

Прямая ссылка: http://sourceforge.net/projects/wipfw/files/stable/wipfw-0.2.8.zip/download


Правим конфиг программы wipfw.conf :

-f flush

# Localhost rules
add 100 allow all from any to any via lo*

# Prevent any traffic to 127.0.0.1, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 110 deny log all from 127.0.0.0/8 to any in

#Testing rules, to find ports used by services if we aren't sure. These rules allow ALL traffic to pass through the firewall, disabling any subsequent rules
#add 140 allow log logamount 500 tcp from any to any
#add 150 allow log logamount 500 udp from any to any

add check-state
#add pass all from me to any out keep-state
#add count log ip from any to any


add allow ip from 1.0.0.0/8 to xx.xx.xx.xx
add allow ip from xx.xx.xx.xx to 1.0.0.0/8

add allow ip from 93.84.0.0/15 to xx.xx.xx.xx
add allow ip from xx.xx.xx.xx to 93.84.0.0/15

add allow ip from 82.209.192.0/18 to xx.xx.xx.xx
add allow ip from xx.xx.xx.xx to 82.209.192.0/18

add allow ip from 86.57.128.0/17 to xx.xx.xx.xx
add allow ip from xx.xx.xx.xx to 86.57.128.0/17


Где xx.xx.xx.xx ваш IP сервера
все  белорусские IP  тут http://datacenter.by/ip/


© ЦОД РУП "Белтелеком"