From owner-freebsd-security Fri Nov 17 20: 0:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp2.cluster.oleane.net (smtp2.cluster.oleane.net [195.25.12.17]) by hub.freebsd.org (Postfix) with ESMTP id 2C8FC37B479 for ; Fri, 17 Nov 2000 20:00:10 -0800 (PST) Received: from diabolic-cow.321.net (dyn-1-1-005.Orl.dialup.oleane.fr [195.25.26.5]) by smtp2.cluster.oleane.net with ESMTP id eAI406C38242 for ; Sat, 18 Nov 2000 05:00:07 +0100 (CET) Received: by diabolic-cow.321.net (Postfix, from userid 1000) id 893CB82; Sat, 18 Nov 2000 00:11:06 +0100 (CET) Date: Sat, 18 Nov 2000 00:11:06 +0100 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= To: freebsd-security@FreeBSD.ORG Subject: Re: PPP NAT Gateway security Message-ID: <20001118001106.B21621@diabolic-cow.321.net> References: <00c801c04dc4$12a89220$0200a8c0@n2> <20001114144513.A888@grok> <001c01c04e97$c69c3c90$0200a8c0@n2> <20001114211934.B888@grok> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20001114211934.B888@grok>; from sreid@sea-to-sky.net on Tue, Nov 14, 2000 at 09:19:34PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Nov 14, 2000 at 09:19:34PM -0800, Steve Reid wrote: ... > This is what I've whipped up for my ipfilter config: > > http://sea-to-sky.net/~sreid/ipfinit > A simple little sh script that takes an interface name (fxp0 in my > case, tun0 in yours) as an argument and extracts the IP address > information from ifconfig, then performs the appropriate substitutions > on ipf.cfg and feeds the results to ipf. OpenBSD did the same thing but integrated it in the ipfilter source. Look at src/sbin/ipf/parse.c (search for 'if_addr') and src/sbin/ipf/ifaddr.[ch] in the obsd CVS tree. -- Rémi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message