Date: Thu, 13 Sep 2012 23:26:48 +0200 From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me> To: freebsd-pf@freebsd.org Subject: Patch for adding "options PF_DEFAULT_TO_DROP" to kernel configuration file Message-ID: <CA%2Bq%2BTcqL1e=SLa7fUXpCa5Lpospj0F=%2BcfLnAjWDwHFVFxjAMw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
--0016e6de0425509dda04c99bf8ba Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, here is a little patch (tested on FreeBSD 9.1-RC1) that add a new option to the kernel configuration file: options PF_DEFAULT_TO_DROP Without this option, with an empty pf.conf:=A0All traffic are permit. With this option enabled, with an empty pf.conf: All traffic are dropped by default. If the attached file is removed, you can found the patch here: http://www.freebsd.org/cgi/query-pr.cgi?pr=3D171622 Regards, Olivier --0016e6de0425509dda04c99bf8ba Content-Type: application/octet-stream; name="freebsd.pf_drop.patch" Content-Disposition: attachment; filename="freebsd.pf_drop.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_h72ahf8k0 LS0tIHN5cy9jb250cmliL3BmL25ldC9wZl9pb2N0bC5jLm9yaWcJMjAxMi0wOS0wNiAxNTo0Nzo0 Ny4wMDAwMDAwMDAgKzAyMDAKKysrIHN5cy9jb250cmliL3BmL25ldC9wZl9pb2N0bC5jCTIwMTIt MDktMDYgMTU6NTY6MTYuMDAwMDAwMDAwICswMjAwCkBAIC0zODYsNyArMzg2LDExIEBACiAKIAkv KiBkZWZhdWx0IHJ1bGUgc2hvdWxkIG5ldmVyIGJlIGdhcmJhZ2UgY29sbGVjdGVkICovCiAJVl9w Zl9kZWZhdWx0X3J1bGUuZW50cmllcy50cWVfcHJldiA9ICZWX3BmX2RlZmF1bHRfcnVsZS5lbnRy aWVzLnRxZV9uZXh0OworCSNpZmRlZiBQRl9ERUZBVUxUX1RPX0RST1AKKyAgICBWX3BmX2RlZmF1 bHRfcnVsZS5hY3Rpb24gPSBQRl9EUk9QOworICAgICNlbHNlCiAJVl9wZl9kZWZhdWx0X3J1bGUu YWN0aW9uID0gUEZfUEFTUzsKKwkjZW5kaWYKIAlWX3BmX2RlZmF1bHRfcnVsZS5uciA9IC0xOwog CVZfcGZfZGVmYXVsdF9ydWxlLnJ0YWJsZWlkID0gLTE7CiAKQEAgLTQ3Myw3ICs0NzcsMTEgQEAK IAogCS8qIGRlZmF1bHQgcnVsZSBzaG91bGQgbmV2ZXIgYmUgZ2FyYmFnZSBjb2xsZWN0ZWQgKi8K IAlwZl9kZWZhdWx0X3J1bGUuZW50cmllcy50cWVfcHJldiA9ICZwZl9kZWZhdWx0X3J1bGUuZW50 cmllcy50cWVfbmV4dDsKKwkjaWZkZWYgUEZfREVGQVVMVF9UT19EUk9QCisJcGZfZGVmYXVsdF9y dWxlLmFjdGlvbiA9IFBGX0RST1A7CisJI2Vsc2UKIAlwZl9kZWZhdWx0X3J1bGUuYWN0aW9uID0g UEZfUEFTUzsKKwkjZW5kaWYKIAlwZl9kZWZhdWx0X3J1bGUubnIgPSAtMTsKIAlwZl9kZWZhdWx0 X3J1bGUucnRhYmxlaWQgPSAtMTsKIAotLS0gc3lzL2NvbmYvb3B0aW9ucy5vcmlnCTIwMTItMDkt MDYgMTU6NTk6NDAuMDAwMDAwMDAwICswMjAwCisrKyBzeXMvY29uZi9vcHRpb25zCTIwMTItMDkt MDYgMTY6MDA6NTkuMDAwMDAwMDAwICswMjAwCkBAIC00MjYsNiArNDI2LDcgQEAKIE5FVEFUQUxL CQlvcHRfYXRhbGsuaAogTkZTTE9DS0QKIFBDQkdST1VQCQlvcHRfcGNiZ3JvdXAuaAorUEZfREVG QVVMVF9UT19EUk9QCW9wdF9wZi5oCiBSQURJWF9NUEFUSAkJb3B0X21wYXRoLmgKIFJPVVRFVEFC TEVTCQlvcHRfcm91dGUuaAogU0xJUF9JRkZfT1BUUwkJb3B0X3NsaXAuaAotLS0gc3lzL2NvbmYv Tk9URVMub3JpZwkyMDEyLTA5LTA2IDE2OjU4OjExLjAwMDAwMDAwMCArMDIwMAorKysgc3lzL2Nv bmYvTk9URVMJMjAxMi0wOS0wNiAxNjoxNDo0Ny4wMDAwMDAwMDAgKzAyMDAKQEAgLTkxNiw2ICs5 MTYsOCBAQAogIyBwYWNrZXRzIHdpdGhvdXQgdG91Y2hpbmcgdGhlIFRUTCkuICBUaGlzIGNhbiBi ZSB1c2VmdWwgdG8gaGlkZSBmaXJld2FsbHMKICMgZnJvbSB0cmFjZXJvdXRlIGFuZCBzaW1pbGFy IHRvb2xzLgogIworIyBQRl9ERUZBVUxUX1RPX0RST1AgY2F1c2VzIHRoZSBkZWZhdWx0IHJ1bGUg KGF0IGJvb3QpIHRvIGRlbnkgZXZlcnl0aGluZy4KKyMgCiAjIFRDUERFQlVHIGVuYWJsZXMgY29k ZSB3aGljaCBrZWVwcyB0cmFjZXMgb2YgdGhlIFRDUCBzdGF0ZSBtYWNoaW5lCiAjIGZvciBzb2Nr ZXRzIHdpdGggdGhlIFNPX0RFQlVHIG9wdGlvbiBzZXQsIHdoaWNoIGNhbiB0aGVuIGJlIGV4YW1p bmVkCiAjIHVzaW5nIHRoZSB0cnB0KDgpIHV0aWxpdHkuCkBAIC05MzMsNiArOTM1LDcgQEAKIG9w dGlvbnMgCUlQRklMVEVSX0xPT0tVUAkJI2lwZmlsdGVyIHBvb2xzCiBvcHRpb25zIAlJUEZJTFRF Ul9ERUZBVUxUX0JMT0NLCSNibG9jayBhbGwgcGFja2V0cyBieSBkZWZhdWx0CiBvcHRpb25zIAlJ UFNURUFMVEgJCSNzdXBwb3J0IGZvciBzdGVhbHRoIGZvcndhcmRpbmcKK29wdGlvbnMJCVBGX0RF RkFVTFRfVE9fRFJPUAkJI2Ryb3AgZXZlcnl0aGluZyBieSBkZWZhdWx0CiBvcHRpb25zIAlUQ1BE RUJVRwogCiAjIFRoZSBNQlVGX1NUUkVTU19URVNUIG9wdGlvbiBlbmFibGVzIG9wdGlvbnMgd2hp Y2ggY3JlYXRlCg== --0016e6de0425509dda04c99bf8ba--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcqL1e=SLa7fUXpCa5Lpospj0F=%2BcfLnAjWDwHFVFxjAMw>