Date: Wed, 19 Jan 2000 22:03:15 -0700
From: Brendan Conoboy
To: freebsd-security@freebsd.org
Cc: freebsd-config@freebsd.org
Subject: ipf/ipfw/nat rc patch, rule generator
Message-ID: <20000119220315.A7210@inago.swcp.com>

Hi everybody,

A couple weeks ago I promised people I'd write a patch that integrates ipf into FreeBSD's startup scripts. Here's what it does:

Rearranges some things in rc.conf (relative to freebsd-current from a couple days ago, cvs tag in the diff), adding a number of features.

Rewrites rc.firewall to:
1) Use either ipf, ipfw, some third party program, or nothing at all
2) Auto generate a sensible rule list, if configured to do so in rc.conf

Creates rc.nat, the nat equivalent of rc.firewall.
rc.nat also generates a sensible rule list, if configured to do so.

Updates rc.network to work with the new system.

Two additional files are introduced, /etc/nat.conf and /etc/firewall.conf. This is where the associated rules are stored. This is a change from the ipfw configuration being stored in the middle of rc.firewall.

In order to not bog down the list, you can download the patch at:

http://www.swcp.com/~synk/ipfmerge.patch

All feedback would be much appreciated. I'd really like this to go into freebsd 4.0, or have something resembling this to go in.

-Brendan (synk@swcp.com)