HardenedBSD/etc/rc.d/stf

80 lines
1.8 KiB
Plaintext
Raw Normal View History

#!/bin/sh
# $FreeBSD$
#
# PROVIDE: stf
# REQUIRE: netif routing
# KEYWORD: nojail
. /etc/rc.subr
. /etc/network.subr
name="stf"
start_cmd="stf_up"
stop_cmd="stf_down"
stf_up()
{
case ${stf_interface_ipv4addr} in
[Nn][Oo] | '')
;;
*)
# assign IPv6 addr and interface route for 6to4 interface
stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
OIFS="$IFS"
IFS=".$IFS"
set ${stf_interface_ipv4addr}
IFS="$OIFS"
hexfrag1=`hexprint $(($1*256 + $2))`
hexfrag2=`hexprint $(($3*256 + $4))`
ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"
case ${stf_interface_ipv6_ifid} in
[Aa][Uu][Tt][Oo] | '')
for i in ${ipv6_network_interfaces}; do
laddr=`network6_getladdr ${i}`
case ${laddr} in
'')
;;
*)
break
;;
esac
done
stf_interface_ipv6_ifid=`expr "${laddr}" : \
'fe80::\(.*\)%\(.*\)'`
case ${stf_interface_ipv6_ifid} in
'')
stf_interface_ipv6_ifid=0:0:0:1
;;
esac
;;
esac
echo "Configuring 6to4 tunnel interface: stf0."
ifconfig stf0 create >/dev/null 2>&1
ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
prefixlen ${stf_prefixlen}
if [ -z "${rc_quiet}" ]; then
/sbin/ifconfig stf0
fi
# disallow packets to malicious 6to4 prefix
route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
;;
esac
}
stf_down()
{
echo "Removing 6to4 tunnel interface: stf0."
ifconfig stf0 destroy
route delete -inet6 2002:e000:: -prefixlen 20 ::1
route delete -inet6 2002:7f00:: -prefixlen 24 ::1
route delete -inet6 2002:0000:: -prefixlen 24 ::1
route delete -inet6 2002:ff00:: -prefixlen 24 ::1
}
load_rc_config $name
run_rc_command "$1"