From owner-freebsd-hackers Fri Oct 16 18:26:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA05024 for freebsd-hackers-outgoing; Fri, 16 Oct 1998 18:26:52 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from gras-varg.worldgate.com (gras-varg.worldgate.com [198.161.84.12]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA05015 for ; Fri, 16 Oct 1998 18:26:50 -0700 (PDT) (envelope-from skafte@gras-varg.worldgate.com) Received: (from skafte@localhost) by gras-varg.worldgate.com (8.9.1a/8.9.1) id TAA01972 for freebsd-hackers@FreeBSD.ORG; Fri, 16 Oct 1998 19:26:27 -0600 (MDT) Message-ID: <19981016192626.D1571@worldgate.com> Date: Fri, 16 Oct 1998 19:26:26 -0600 From: Greg Skafte To: freebsd-hackers@FreeBSD.ORG Subject: Re: couple of quick patches References: <19981016190330.C1571@worldgate.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <19981016190330.C1571@worldgate.com>; from Greg Skafte on Fri, Oct 16, 1998 at 07:03:30PM -0600 Organization: WorldGate Inc. X-PGP-Fingerprint: 42 9C 2C A8 4D 2B C9 C4 7D B6 00 B0 50 47 20 97 X-URL: http://gras-varg.worldgate.com/~skafte Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG dohh ... sorry patch 2 is for rc.firewall when you specify a filename in rc.conf sorry .... Quoting Greg Skafte (skafte@worldgate.com) On Subject: couple of quick patches Date: Fri, Oct 16, 1998 at 07:03:30PM -0600 > Attached are 2 patches that I've done a send-pr on > > patch 1 > > added a changer definition for the HP SureStore 24x6 dds3 drive > > patch 2 > > fixes a small problem in rc.conf. > In rc.conf if you specify firewall="filename" the firewall does not load > > -- > Email: skafte@worldgate.com Voice: +403 413 1910 Fax: +403 421 4929 > #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 > -- -- > When things can't get any worse, they simplify themselves by getting a whole > lot worse then complicated. A complete and utter disaster is the simplest > thing in the world; it's preventing one that's complex. (Janet Morris) Content-Description: patch for surestore 24x6 dds3 tape changer > --- scsiconf.c 1998/10/16 20:34:15 1.1 > +++ scsiconf.c 1998/10/16 20:35:53 > @@ -357,6 +357,10 @@ > T_CHANGER, T_CHANGER, T_REMOV, "SONY", "TSL-7000", "*", > "ch", SC_MORE_LUS > }, > + { > + T_SEQUENTIAL, T_CHANGER, T_REMOV, "HP", "C1557A", "*", > + "ch", SC_MORE_LUS, > + }, > #endif /* NCH */ > #if NCD > 0 > #ifndef UKTEST /* make cdroms unrecognised to test the uk driver */ Content-Description: fix rc.firewall to accept and execute filename > --- /usr/src/etc/rc.firewall Wed Sep 16 22:24:21 1998 > +++ /etc/rc.firewall Thu Jul 2 14:27:09 1998 > @@ -1,10 +1,6 @@ > ############ > # Setup system for firewall service. > -# $Id: rc.firewall,v 1.6.2.9 1998/06/27 21:23:19 steve Exp $ > - > -if [ -f /etc/rc.conf ]; then > - . /etc/rc.conf > -fi > +# $Id: rc.firewall,v 1.6.2.5 1997/10/21 00:20:35 jkh Exp $ > > ############ > # Define the firewall type in /etc/rc.conf. Valid values are: > @@ -58,14 +54,6 @@ > $fwcmd -f flush > > ############ > -# These rules are required for using natd. All packets are passed to natd before > -# they encounter your remaining rules. The firewall rules will then be run again > -# on each packet after translation by natd, minus any divert rules (see natd(8)). > -if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then > - $fwcmd add divert natd all from any to any via ${natd_interface} > -fi > - > -############ > # If you just configured ipfw in the kernel as a tool to solve network > # problems or you just want to disallow some particular kinds of traffic > # they you will want to change the default policy to open. You can also > @@ -75,8 +63,8 @@ > > ############ > # Only in rare cases do you want to change these rules > -$fwcmd add 100 pass all from any to any via lo0 > -$fwcmd add 200 deny all from any to 127.0.0.0/8 > +$fwcmd add 1000 pass all from any to any via lo0 > +$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8 > > > # Prototype setups. > @@ -148,11 +136,8 @@ > > # Stop RFC1918 nets on the outside interface > $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif} > - $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif} > $fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif} > - $fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif} > $fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} > - $fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif} > > # Allow TCP through if setup succeeded > $fwcmd add pass tcp from any to any established > @@ -183,5 +168,5 @@ > # Everything else is denied as default. > > elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then > - $fwcmd ${firewall_type} > + . ${firewall_type} > fi -- Email: skafte@worldgate.com Voice: +403 413 1910 Fax: +403 421 4929 #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 -- -- When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (Janet Morris) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message