Allow the network addresses and interface names for the "client" and
"workstation" firewall types to be set from rc.conf so that rc.firewall no longer needs local patching to be usable for those types. For now I've set the variables in /etc/defaults/rc.conf to the previous defaults in /etc/rc.firewall. PR: bin/65258 Submitted by: Valentin Nechayev netch of netch.kiev.ua Silence from: net MFC after: 2 weeks
This commit is contained in:
parent
176baffe3f
commit
66f8d384cf
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=181762
@ -115,6 +115,15 @@ firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
|
||||
firewall_quiet="NO" # Set to YES to suppress rule display
|
||||
firewall_logging="NO" # Set to YES to enable events logging
|
||||
firewall_flags="" # Flags passed to ipfw when type is a file
|
||||
firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
|
||||
firewall_simple_iif="ed1" # Inside network interface for "simple"
|
||||
# firewall.
|
||||
firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
|
||||
# firewall.
|
||||
firewall_simple_oif="ed0" # Outside network interface for "simple"
|
||||
# firewall.
|
||||
firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
|
||||
# firewall.
|
||||
firewall_myservices="" # List of TCP ports on which this host
|
||||
# offers services for "workstation" firewall.
|
||||
firewall_allowservices="" # List of IPs which have access to
|
||||
|
@ -164,10 +164,13 @@ case ${firewall_type} in
|
||||
############
|
||||
# This is a prototype setup that will protect your system somewhat
|
||||
# against people from outside your own network.
|
||||
#
|
||||
# Configuration:
|
||||
# firewall_client_net: Network address of local network.
|
||||
############
|
||||
|
||||
# set these to your network
|
||||
net="192.0.2.0/24"
|
||||
# set this to your local network
|
||||
net="$firewall_client_net"
|
||||
|
||||
# Allow limited broadcast traffic from my own net.
|
||||
${fwcmd} add pass all from ${net} to 255.255.255.255
|
||||
@ -207,15 +210,21 @@ case ${firewall_type} in
|
||||
# This is a prototype setup for a simple firewall. Configure this
|
||||
# machine as a DNS and NTP server, and point all the machines
|
||||
# on the inside at this machine for those services.
|
||||
#
|
||||
# Configuration:
|
||||
# firewall_simple_iif: Inside network interface.
|
||||
# firewall_simple_inet: Inside network address.
|
||||
# firewall_simple_oif: Outside network interface.
|
||||
# firewall_simple_onet: Outside network address.
|
||||
############
|
||||
|
||||
# set these to your outside interface network
|
||||
oif="ed0"
|
||||
onet="192.0.2.0/28"
|
||||
oif="$firewall_simple_oif"
|
||||
onet="$firewall_simple_onet"
|
||||
|
||||
# set these to your inside interface network
|
||||
iif="ed1"
|
||||
inet="192.0.2.16/28"
|
||||
iif="$firewall_simple_iif"
|
||||
inet="$firewall_simple_inet"
|
||||
|
||||
# Stop spoofing
|
||||
${fwcmd} add deny all from ${inet} to any in via ${oif}
|
||||
|
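Review bot: The new assignments `oif="$firewall_simple_oif"`, `onet="$firewall_simple_onet"`, `iif="$firewall_simple_iif"` and `inet="$firewall_simple_inet"` (and `net="$firewall_client_net"` in the first hunk) are used without any check, so an unset or empty rc.conf value is expanded straight into the ipfw arguments that follow, and `${fwcmd} add deny all from ${inet} to any in via ${oif}` then becomes a malformed rule that ipfw presumably rejects, silently dropping the anti-spoofing deny while the rest of the ruleset still loads. A guard placed before the first rule of the arm, `: ${firewall_simple_inet:?must be set in rc.conf}` and likewise for the other four variables, fails loudly on a misconfiguration instead, and `${var:?}` is plain POSIX sh. The context comment `# set these to your outside interface network` (and its inside-interface twin) now sits above lines that read rc.conf rather than literals, so it should point there, e.g. `# taken from firewall_simple_oif / firewall_simple_onet in rc.conf`. The enclosing `case ${firewall_type} in` arm starts before this hunk and continues past it.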