hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-15 06:42:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Better RFC1918 network protection

Browse Source 
PR:		6278
Reviewed by:	phk
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
This commit is contained in:
Poul-Henning Kamp 1998-04-15 16:41:14 +00:00
parent 5a85f025f8
commit 3d10253c7d
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=35207
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/rc.firewall
View File

@ -1,6 +1,6 @@
############
# Setup system for firewall service.
# $Id: rc.firewall,v 1.15 1997/10/21 00:54:08 danny Exp $
# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $
if [ -f /etc/rc.conf ]; then
. /etc/rc.conf
@ -140,8 +140,11 @@ elif [ "${firewall_type}" = "simple" ]; then
# Stop RFC1918 nets on the outside interface
$fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
$fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
$fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
$fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
$fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}
# Allow TCP through if setup succeeded
$fwcmd add pass tcp from any to any established