🚀 go-pugleaf

mam taki malutki problemik
mam firewalla i 12 kompow w kafejce

## makra
ext = "rl0"
lokal = "rl1"
lan_lokal = "192.168.2.0/32"
porty = "{ 22, 23, 25, 80, 81, 25, 110, 113, 953, 6112 }"
pakiety = "echoreq"

## kafe

komp1 = "192.168.2.2"
komp2 = "192.168.2.3"
komp3 = "192.168.2.4"
komp4 = "192.168.2.5"
komp5 = "192.168.2.6"
komp6 = "192.168.2.7"
komp7 = "192.168.2.8"
komp8 = "192.168.2.9"
komp9 = "192.168.2.10"
komp10 = "192.168.2.11"
komp11 = "192.168.2.12"
komp12 = "192.168.2.15"


## 500 na lokal
altq on $lokal cbq bandwidth 400Kb queue { def, komp1, komp2, komp3, komp4,
komp5, komp6, komp7, komp8, komp9, komp10, komp11, komp12 }
queue def bandwidth 100% cbq (default)
queue komp1 bandwidth 100Kb cbq (ecn)
queue komp2 bandwidth 100Kb cbq (ecn)
queue komp3 bandwidth 100Kb cbq (ecn)
queue komp4 bandwidth 100Kb cbq (ecn)
queue komp5 bandwidth 100Kb cbq (ecn)
queue komp6 bandwidth 100Kb cbq (ecn)
queue komp7 bandwidth 100Kb cbq (ecn)
queue komp8 bandwidth 100Kb cbq (ecn)
queue komp9 bandwidth 100Kb cbq (ecn)
queue komp10 bandwidth 100Kb cbq (ecn)
queue komp11 bandwidth 100Kb cbq (ecn)
queue komp12 bandwidth 100Kb cbq (ecn)

## natowanie klientow z lokala i radiowy
nat on $ext from $lokal:network to any -> $ext
#nat on $ext from 213.25.136.94/32 to any -> $ext

block all
pass quick on lo0 all

# troszke blokujemy
block drop in quick on $ext from $lan_lokal to any
block drop out quick on $ext from any to $lan_lokal

# dopuszczamy swiat
pass in on $ext inet proto tcp from any to $ext port $porty flags S/SA keep
state

# odpowiedz na zapytania DNS
pass in quick on $ext proto udp from any to $ext port 53 keep state
pass in quick on $ext proto tcp from any to $ext port 53 flags S/SA keep
state
# odpowiedz na pingi

pass in inet proto icmp all icmp-type $pakiety keep state

## to co misie lubia najbardziej

pass in on $lokal from $komp1 to any keep state queue komp1
pass out on $lokal from any to $komp1 keep state queue komp1

pass in on $lokal from $komp2 to any keep state queue komp2
pass out on $lokal from any to $komp2 keep state queue komp2

pass in on $lokal from $komp3 to any keep state queue komp3
pass out on $lokal from any to $komp3 keep state queue komp3

pass in on $lokal from $komp4 to any keep state queue komp4
pass out on $lokal from any to $komp4 keep state queue komp4

pass in on $lokal from $komp5 to any keep state queue komp5
pass out on $lokal from any to $komp5 keep state queue komp5

pass in on $lokal from $komp6 to any keep state queue komp11
pass out on $lokal from any to $komp6 keep state queue komp6

pass in on $lokal from $komp7 to any keep state queue komp7
pass out on $lokal from any to $komp7 keep state queue komp7

pass in on $lokal from $komp8 to any keep state queue komp8
pass out on $lokal from any to $komp8 keep state queue komp8

pass in on $lokal from $komp9 to any keep state queue komp9
pass out on $lokal from any to $komp9 keep state queue komp9

pass in on $lokal from $komp10 to any keep state queue komp10
pass out on $lokal from any to $komp10 keep state queue komp10

pass in on $lokal from $komp11 to any keep state queue komp11
pass out on $lokal from any to $komp11 keep state queue komp11

pass in on $lokal from $komp12 to any keep state queue komp12
pass out on $lokal from any to $komp12 keep state queue komp12

## zezwalamy na wyjscie
pass out on $ext proto tcp all modulate state flags S/SA
pass out on $ext proto { udp, icmp } all keep state

i teraz nie moga grac mi po lanie w startcrafta wiecej niz 1n1 ..
dowiedzialem sie z start chodzi na 6112 porcie odblokwalem i nic ... moze
cos zwiazane z udp ? pliz o pomoc