#
# Monitor the line utilization of a LAN interface (using the FWX120)
#

#
# LAN interface settings (using the LAN1 port)
#
ip lan1 address 192.168.0.1/24

#
# WAN interface settings (using the LAN2 port)
#
ip lan2 address dhcp
ip lan2 nat descriptor 1
ip route default gateway dhcp lan2

#
# NAT settings
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 primary

#
# DHCP settings
#
dhcp service server
dhcp scope 1 192.168.0.2-192.168.0.100/24

#
# DNS settings
#
dns server (IP address of the DNS server specified by your ISP)
dns private address spoof on

#
# Filter settings
#
ip inbound filter 1001 reject-nolog * * tcp,udp * 135
ip inbound filter 1002 reject-nolog * * tcp,udp 135 *
ip inbound filter 1003 reject-nolog * * tcp,udp * netbios_ns-netbios_ssn
ip inbound filter 1004 reject-nolog * * tcp,udp netbios_ns-netbios_ssn *
ip inbound filter 1005 reject-nolog * * tcp,udp * 445
ip inbound filter 1006 reject-nolog * * tcp,udp 445 *
ip inbound filter 1007 reject-nolog 192.168.0.0/24 * * * *
ip inbound filter 1099 pass-nolog * * * * *
ip policy interface group 101 name=Private local lan1
ip policy address group 101 name=Private 192.168.0.0/24
ip policy address group 102 name=Any *
ip policy service group 101 name="Open Services"
ip policy service group 102 name=General dns
ip policy service group 103 name=Mail pop3 smtp
ip policy filter 1100 reject-nolog lan1 * * * *
ip policy filter 1110 pass-nolog * * * * 102
ip policy filter 1122 static-pass-nolog * lan1 * * *
ip policy filter 1123 static-pass-nolog * local * * *
ip policy filter 1124 static-pass-log * * 192.168.0.0/24 * http
ip policy filter 1150 pass-nolog * pp1 * * *
ip policy filter 1500 reject-nolog pp* * * * *
ip policy filter 1520 pass-log * lan1 * * 101
ip policy filter 1700 pass-nolog local * * * *
ip policy filter 1710 static-pass-nolog * lan1 * * *
ip policy filter 3000 reject-nolog * * * * *
ip policy filter set 101 name="Internet Access" 1100 [1110 1123 [1124] 1122 1150] 1500 [1520] 1700 [1710] 3000
ip policy filter set enable 101
ip lan2 inbound filter list 1001 1002 1003 1004 1005 1006 1007 1099

#
# Lua script schedule settings
#
schedule at 1 startup * lua (Lua script file name)