Date: Fri, 4 Jan 2002 13:08:38 -0500 (EST) From: "Stephen J. Roznowski" <sjr@home.com> To: FreeBSD-gnats-submit@freebsd.org Subject: conf/33545: Add variables to rc.conf for rc.firewall Message-ID: <200201041808.g04I8ci17205@cc158233-a.catv1.md.home.com>
>Number: 33545
>Category: conf
>Synopsis: Add variables to rc.conf for rc.firewall
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 04 10:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Stephen J. Roznowski
>Release: FreeBSD 4.5-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD istari.home.com 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #0: Wed Jan 2 15:56:51 EST 2002 sjr@istari.home.com:/usr/obj/usr/src/sys/ISTARI i386
>Description:
Right now, you need to edit rc.firewall to set variables before
use. The attached patch creates a series of variables in rc.conf
to remove the need to edit rc.firewall.
>How-To-Repeat:
>Fix:
--- etc/defaults/rc.conf.orig Thu Jan 3 23:23:55 2002
+++ etc/defaults/rc.conf Thu Jan 3 23:47:18 2002
@@ -50,6 +50,17 @@
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
+firewall_client_net="192.0.2.0" # Client firewall network
+firewall_client_mask="255.255.255.0" # Client firewall netmask
+firewall_client_ip="192.0.2.1" # Client firewall IP address
+firewall_simple_oif="ed0" # Simple firewall outside interface
+firewall_simple_onet="192.0.2.0" # Simple firewall outside network
+firewall_simple_omask="255.255.255.240" # Simple firewall outside netmask
+firewall_simple_oip="192.0.2.1" # Simple firewall outside IP address
+firewall_simple_iif="ed1" # Simple firewall inside interface
+firewall_simple_inet="192.0.2.16" # Simple firewall inside network
+firewall_simple_imask="255.255.255.240" # Simple firewall inside netmask
+firewall_simple_iip="192.0.2.17" # Simple firewall inside IP address
ip_portrange_first="NO" # Set first dynamically allocated port
ip_portrange_last="NO" # Set last dynamically allocated port
ipsec_enable="NO" # Set to YES to run setkey on ipsec_file
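Review bot: The eleven new defaults are placeholders — 192.0.2.0/24 is the TEST-NET documentation range and ed0/ed1 are example interface names — but none of the comments says so, so an administrator who selects the client or simple firewall type without overriding them in /etc/rc.conf ends up with pass and deny rules written for a network that is not theirs, and the values no longer sit next to the rules that use them where the mismatch would be noticed. Suggest each comment mark the value as an example to be replaced, e.g. `firewall_client_net="192.0.2.0" # Client firewall network (example; override in rc.conf)`. The same applies to the ipv6_firewall_* block added later in this file. The new variables should also be described in the rc.conf(5) manual page, which the patch does not touch.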
@@ -291,6 +302,17 @@
ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
ipv6_firewall_logging="NO" # Set to YES to enable events logging
ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file
+ipv6_firewall_client_net="3ffe:505:2:1::" # Client firewall network
+ipv6_firewall_client_prefixlen="64" # Client firewall prefixlen
+ipv6_firewall_client_ip="3ffe:505:2:1::1" # Client firewall IP
+ipv6_firewall_simple_oif="ed0" # Simple firewall outside interface
+ipv6_firewall_simple_onet="3ffe:505:2:1::" # Simple firewall outside network
+ipv6_firewall_simple_oprefixlen="64" # Simple firewall outside netmask
+ipv6_firewall_simple_oip="3ffe:505:2:1::1" # Simple firewall outside IP
+ipv6_firewall_simple_iif="ed1" # Simple firewall inside interface
+ipv6_firewall_simple_inet="3ffe:505:2:2::" # Simple firewall inside network
+ipv6_firewall_simple_iprefixlen="64" # Simple firewall inside netmask
+ipv6_firewall_simple_iip="3ffe:505:2:2::1" # Simple firewall inside IP address
##############################################################
### System console options #################################
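Review bot: The comments on the two prefix-length variables are wrong: `ipv6_firewall_simple_oprefixlen="64" # Simple firewall outside netmask` and the matching `ipv6_firewall_simple_iprefixlen` line say "netmask" although the value is a prefix length, and the client block a few lines above calls the same quantity "prefixlen". Suggest `# Simple firewall outside prefixlen` and `# Simple firewall inside prefixlen` so the comment matches the variable name and the way rc.firewall6 uses it (`${net}/${prefixlen}`). The 3ffe: addresses used as defaults are 6bone test prefixes, so like the IPv4 block these are examples the administrator must replace in /etc/rc.conf, and the comments should say so.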
--- etc/rc.firewall.orig Thu Jan 3 23:23:55 2002
+++ etc/rc.firewall Thu Jan 3 23:31:56 2002
@@ -147,9 +147,9 @@
############
# set these to your network and netmask and ip
- net="192.0.2.0"
- mask="255.255.255.0"
- ip="192.0.2.1"
+ net=${firewall_client_net}
+ mask=${firewall_client_mask}
+ ip=${firewall_client_ip}
# Allow any traffic to or from my own net.
${fwcmd} add pass all from ${ip} to ${net}:${mask}
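Review bot: `net=${firewall_client_net}` and the two lines below it substitute rc.conf variables without checking that they are set; if rc.conf was not sourced, or an older /etc/defaults/rc.conf without the new variables is still installed, the assignments are empty and the pass rule on the last hunk line becomes `add pass all from  to :`, which ipfw would presumably reject while the rest of the script continues, so the ruleset loads without the rules the administrator expected. A guard before the assignments, e.g. `[ -n "${firewall_client_net}" -a -n "${firewall_client_mask}" -a -n "${firewall_client_ip}" ] || echo "rc.firewall: firewall_client_* not set in rc.conf" >&2`, makes the misconfiguration visible, and the assignments should keep the quoting the removed lines had, `net="${firewall_client_net}"`. The same applies to the simple-firewall hunk below and to both rc.firewall6 hunks, where the rule that would be lost is the anti-spoofing `deny` on the inside network. The enclosing block starts before and continues after the hunk.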
@@ -189,16 +189,16 @@
############
# set these to your outside interface network and netmask and ip
- oif="ed0"
- onet="192.0.2.0"
- omask="255.255.255.240"
- oip="192.0.2.1"
+ oif=${firewall_simple_oif}
+ onet=${firewall_simple_onet}
+ omask=${firewall_simple_omask}
+ oip=${firewall_simple_oip}
# set these to your inside interface network and netmask and ip
- iif="ed1"
- inet="192.0.2.16"
- imask="255.255.255.240"
- iip="192.0.2.17"
+ iif=${firewall_simple_iif}
+ inet=${firewall_simple_inet}
+ imask=${firewall_simple_imask}
+ iip=${firewall_simple_iip}
# Stop spoofing
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
--- etc/rc.firewall6.orig Thu Jan 3 23:23:55 2002
+++ etc/rc.firewall6 Thu Jan 3 23:44:23 2002
@@ -110,9 +110,9 @@
#
# This needs more work
#
- net="3ffe:505:2:1::"
- prefixlen="64"
- ip="3ffe:505:2:1::1"
+ net=${ipv6_firewall_client_net}
+ prefixlen=${ipv6_firewall_client_prefixlen}
+ ip=${ipv6_firewall_client_ip}
# Allow any traffic to or from my own net.
${fw6cmd} add pass all from ${ip} to ${net}/${prefixlen}
@@ -164,16 +164,16 @@
############
# set these to your outside interface network and prefixlen and ip
- oif="ed0"
- onet="3ffe:505:2:1::"
- oprefixlen="64"
- oip="3ffe:505:2:1::1"
+ oif=${ipv6_firewall_simple_oif}
+ onet=${ipv6_firewall_simple_onet}
+ oprefixlen=${ipv6_firewall_simple_oprefixlen}
+ oip=${ipv6_firewall_simple_oip}
# set these to your inside interface network and prefixlen and ip
- iif="ed1"
- inet="3ffe:505:2:2::"
- iprefixlen="64"
- iip="3ffe:505:2:2::1"
+ iif=${ipv6_firewall_simple_iif}
+ inet=${ipv6_firewall_simple_inet}
+ iprefixlen=${ipv6_firewall_simple_iprefixlen}
+ iip=${ipv6_firewall_simple_iip}
# Stop spoofing
${fw6cmd} add deny all from ${inet}/${iprefixlen} to any in via ${oif}
>Release-Note:
>Audit-Trail:
>Unformatted:
