Date: Tue, 13 Feb 2007 21:37:13 -0800 From: "Kian Mohageri" <kian.mohageri@gmail.com> To: "Max Laier" <max@love2party.net> Cc: freebsd-rc@freebsd.org, freebsd-pf@freebsd.org Subject: Re: pf starts, but no rules Message-ID: <fee88ee40702132137q6abef8beu80c7813fcd27eaad@mail.gmail.com> In-Reply-To: <200702132226.40415.max@love2party.net> References: <45CDED58.2056.1A642A00@dan.langille.org> <45D1B27B.5615.291E28A7@dan.langille.org> <Pine.NEB.4.64.0702131407110.815@glacier.reedmedia.net> <200702132226.40415.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_53114_15089019.1171431433759 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline On 2/13/07, Max Laier <max@love2party.net> wrote: > > Does anyone have time to get something like this going for FreeBSD as > well? I tested out some solutions. I'm not sure if this is what you guys were looking to do, but NetBSD's solution seems fine. I'm not thrilled about using another rc-script to solve this issue, but I couldn't think of a simpler/more elegant solution. Diff is against CURRENT, and I don't currently have any boxes running CURRENT, but I tested it as much as I could. I'll get a box up to CURRENT later to test other patches. I couldn't decide what to pass in this initial ruleset. Passing SSH seems safe/smart, but surely not everyone will agree. Sorry if this is way off :) -- Kian Mohageri ------=_Part_53114_15089019.1171431433759 Content-Type: application/octet-stream; name=pf_early.diff Content-Transfer-Encoding: base64 X-Attachment-Id: f_ey5byb1p Content-Disposition: attachment; filename="pf_early.diff" ZGlmZiAtcnVOIGV0Yy9kZWZhdWx0cy9NYWtlZmlsZSBldGMubmV3L2RlZmF1bHRzL01ha2VmaWxl Ci0tLSBldGMvZGVmYXVsdHMvTWFrZWZpbGUJRnJpIERlYyAgOSAwNzoxOTozMSAyMDA1CisrKyBl dGMubmV3L2RlZmF1bHRzL01ha2VmaWxlCVR1ZSBGZWIgMTMgMjA6MDg6MjUgMjAwNwpAQCAtMSw2 ICsxLDYgQEAKICMgJEZyZWVCU0Q6IHNyYy9ldGMvZGVmYXVsdHMvTWFrZWZpbGUsdiAxLjcgMjAw NS8xMi8wOSAxNToxOTozMSBydSBFeHAgJAogCi1GSUxFUz0JYmx1ZXRvb3RoLmRldmljZS5jb25m IGRldmZzLnJ1bGVzIHBjY2FyZC5jb25mIHBlcmlvZGljLmNvbmYgcmMuY29uZgorRklMRVM9CWJs dWV0b290aC5kZXZpY2UuY29uZiBkZXZmcy5ydWxlcyBwY2NhcmQuY29uZiBwZXJpb2RpYy5jb25m IHBmLmVhcmx5LmNvbmYgcmMuY29uZgogTk9fT0JKPQogRklMRVNESVI9IC9ldGMvZGVmYXVsdHMK IApkaWZmIC1ydU4gZXRjL2RlZmF1bHRzL3BmLmVhcmx5LmNvbmYgZXRjLm5ldy9kZWZhdWx0cy9w Zi5lYXJseS5jb25mCi0tLSBldGMvZGVmYXVsdHMvcGYuZWFybHkuY29uZglXZWQgRGVjIDMxIDE2 OjAwOjAwIDE5NjkKKysrIGV0Yy5uZXcvZGVmYXVsdHMvcGYuZWFybHkuY29uZglUdWUgRmViIDEz IDIwOjA4OjAxIDIwMDcKQEAgLTAsMCArMSwyMiBAQAorIyAkRnJlZUJTRDogc3JjL2V0Yy9kZWZh dWx0cy9wZi5lYXJseS5jb25mJAorCisjIERlZmF1bHQgZGVueQorYmxvY2sgYWxsCisKKyMgRG9u J3QgZmlsdGVyIGxvb3BiYWNrIGludGVyZmFjZShzKSAKK3NldCBza2lwIG9uIGxvCisKKyMgQWxs b3cgaW5jb21pbmcgU1NICitwYXNzIGluIHByb3RvIHRjcCBmcm9tIGFueSB0byBhbnkgcG9ydCBz c2gga2VlcCBzdGF0ZQorCisjIEFsbG93IG91dGdvaW5nIEROUywgbmVlZGVkIGJ5IHBmY3RsIHRv IHJlc29sdmUgYW55IEZRRE5zCitwYXNzIG91dCBwcm90byB7IHRjcCwgdWRwIH0gZnJvbSBhbnkg dG8gYW55IHBvcnQgNTMga2VlcCBzdGF0ZQorCisjIEFsbG93IG91dGdvaW5nIHBpbmcKK3Bhc3Mg b3V0IGluZXQgcHJvdG8gaWNtcCBhbGwgaWNtcC10eXBlIGVjaG9yZXEga2VlcCBzdGF0ZQorCisj IEFsbG93IElQdjYgcm91dGVyL25laWdoYm9yIHNvbGljaXRhdGlvbiBhbmQgYWR2ZXJ0aXNlbWVu dAorcGFzcyBvdXQgaW5ldDYgcHJvdG8gaWNtcDYgYWxsIGljbXA2LXR5cGUgbmVpZ2hicnNvbAor cGFzcyBpbiBpbmV0NiBwcm90byBpY21wNiBhbGwgaWNtcDYtdHlwZSBuZWlnaGJyYWR2CitwYXNz IG91dCBpbmV0NiBwcm90byBpY21wNiBhbGwgaWNtcDYtdHlwZSByb3V0ZXJzb2wKK3Bhc3MgaW4g aW5ldDYgcHJvdG8gaWNtcDYgYWxsIGljbXA2LXR5cGUgcm91dGVyYWR2CmRpZmYgLXJ1TiBldGMv ZGVmYXVsdHMvcmMuY29uZiBldGMubmV3L2RlZmF1bHRzL3JjLmNvbmYKLS0tIGV0Yy9kZWZhdWx0 cy9yYy5jb25mCUZyaSBGZWIgIDkgMDQ6MTE6MjcgMjAwNworKysgZXRjLm5ldy9kZWZhdWx0cy9y Yy5jb25mCVR1ZSBGZWIgMTMgMjA6MzY6MjkgMjAwNwpAQCAtMTQ1LDYgKzE0NSwxMCBAQAogcGZf cnVsZXM9Ii9ldGMvcGYuY29uZiIJCSMgcnVsZXMgZGVmaW5pdGlvbiBmaWxlIGZvciBwZgogcGZf cHJvZ3JhbT0iL3NiaW4vcGZjdGwiCSMgd2hlcmUgdGhlIHBmY3RsIHByb2dyYW0gbGl2ZXMKIHBm X2ZsYWdzPSIiCQkJIyBhZGRpdGlvbmFsIGZsYWdzIGZvciBwZmN0bAorcGZfZWFybHlfZW5hYmxl PSJZRVMiCQkjIExvYWQgbWluaW1hbCBydWxlc2V0IHdoZW4gcGZfZW5hYmxlPSJZRVMiCisJCQkJ IyBiZWZvcmUgcm91dGluZyBpcyBlbmFibGVkLCBhZnRlciB3aGljaCB0aGUgCisJCQkJIyByZWFs IHJ1bGVzZXQgd2lsbCBiZSBsb2FkZWQKK3BmX2Vhcmx5X3J1bGVzPSIvZXRjL2RlZmF1bHRzL3Bm LmVhcmx5LmNvbmYiCSMgRGVmYXVsdCBtaW5pbWFsIHJ1bGVzZXQKIHBmbG9nX2VuYWJsZT0iTk8i CQkjIFNldCB0byBZRVMgdG8gZW5hYmxlIHBhY2tldCBmaWx0ZXIgbG9nZ2luZwogcGZsb2dfbG9n ZmlsZT0iL3Zhci9sb2cvcGZsb2ciCSMgd2hlcmUgcGZsb2dkIHNob3VsZCBzdG9yZSB0aGUgbG9n ZmlsZQogcGZsb2dfcHJvZ3JhbT0iL3NiaW4vcGZsb2dkIgkjIHdoZXJlIHRoZSBwZmxvZ2QgcHJv Z3JhbSBsaXZlcwpkaWZmIC1ydU4gZXRjL3JjLmQvTWFrZWZpbGUgZXRjLm5ldy9yYy5kL01ha2Vm aWxlCi0tLSBldGMvcmMuZC9NYWtlZmlsZQlTdW4gT2N0IDE1IDA3OjE5OjA2IDIwMDYKKysrIGV0 Yy5uZXcvcmMuZC9NYWtlZmlsZQlUdWUgRmViIDEzIDIwOjQyOjA5IDIwMDcKQEAgLTI3LDcgKzI3 LDcgQEAKIAluZXR3b3JrX2lwdjYgbmV3c3lzbG9nIG5mc2NsaWVudCBuZnNkIFwKIAluZnNsb2Nr aW5nIG5mc3NlcnZlciBuaXNkb21haW4gbnNzd2l0Y2ggbnRwZCBudHBkYXRlIFwKIAlvdGhlcm10 YSBcCi0JcGYgcGZsb2cgcGZzeW5jIFwKKwlwZiBwZl9lYXJseSBwZmxvZyBwZnN5bmMgXAogCXBv d2VyZCBwb3dlcl9wcm9maWxlIHBwcCBwcHBvZWQgcHdjaGVjayBcCiAJcXVvdGEgXAogCXJhbmRv bSByYXJwZCByZXNvbHYgcm9vdCBcCmRpZmYgLXJ1TiBldGMvcmMuZC9wZiBldGMubmV3L3JjLmQv cGYKLS0tIGV0Yy9yYy5kL3BmCVN1biBEZWMgMzEgMDI6Mzc6MTggMjAwNgorKysgZXRjLm5ldy9y Yy5kL3BmCVR1ZSBGZWIgMTMgMjA6MDk6MzMgMjAwNwpAQCAtNCw4ICs0LDcgQEAKICMKIAogIyBQ Uk9WSURFOiBwZgotIyBSRVFVSVJFOiByb290IG1vdW50Y3JpdGxvY2FsIG5ldGlmIHBmbG9nIHBm c3luYwotIyBCRUZPUkU6ICByb3V0aW5nCisjIFJFUVVJUkU6IHJvb3QgbW91bnRjcml0bG9jYWwg bmV0aWYgcGZsb2cgcGZzeW5jIHBmX2Vhcmx5CiAjIEtFWVdPUkQ6IG5vamFpbAogCiAuIC9ldGMv cmMuc3VicgpkaWZmIC1ydU4gZXRjL3JjLmQvcGZfZWFybHkgZXRjLm5ldy9yYy5kL3BmX2Vhcmx5 Ci0tLSBldGMvcmMuZC9wZl9lYXJseQlXZWQgRGVjIDMxIDE2OjAwOjAwIDE5NjkKKysrIGV0Yy5u ZXcvcmMuZC9wZl9lYXJseQlUdWUgRmViIDEzIDIwOjM1OjE4IDIwMDcKQEAgLTAsMCArMSwzNCBA QAorIyEvYmluL3NoCisjCisjICRGcmVlQlNEOiBzcmMvZXRjL3JjLmQvcGZfZWFybHksdiAxLjcu Mi40IDIwMDYvMDEvMjIgMTM6NDU6MjggeWFyIEV4cCAkCisjCisKKyMgUFJPVklERTogcGZfZWFy bHkKKyMgUkVRVUlSRTogcm9vdCBtb3VudGNyaXRsb2NhbCBuZXRpZiBwZmxvZyBwZnN5bmMKKyMg QkVGT1JFOiAgcm91dGluZworIyBLRVlXT1JEOiBub2phaWwKKworLiAvZXRjL3JjLnN1YnIKKwor bmFtZT0icGZfZWFybHkiCityY3Zhcj1gc2V0X3JjdmFyYAorbG9hZF9yY19jb25maWcgJG5hbWUK K3N0YXJ0X2NtZD0icGZfZWFybHlfc3RhcnQiCitzdG9wX2NtZD0iOiIKK3JlcXVpcmVkX2ZpbGVz PSIkcGZfZWFybHlfcnVsZXMiCityZXF1aXJlZF9tb2R1bGVzPSJwZiIKKworcGZfZWFybHlfc3Rh cnQoKQoreworCWVjaG8gIkVuYWJsaW5nIG1pbmltYWwgcGYgcnVsZXNldC4iCisJJHBmX3Byb2dy YW0gLUZhbGwgPiAvZGV2L251bGwgMj4mMQorCSRwZl9wcm9ncmFtIC1mICIkcGZfZWFybHlfcnVs ZXMiCisJaWYgISAkcGZfcHJvZ3JhbSAtcyBpbmZvIHwgZ3JlcCAtcSAiRW5hYmxlZCIgOyB0aGVu CisJCSRwZl9wcm9ncmFtIC1lCisJZmkKK30KKworIyBEb24ndCBkbyBhbnl0aGluZyB1bmxlc3Mg cGZfZW5hYmxlPSJZRVMiCitpZiBjaGVja3llc25vIHBmX2VuYWJsZTsgdGhlbgorCXJ1bl9yY19j b21tYW5kICIkMSIKK2ZpCg== ------=_Part_53114_15089019.1171431433759--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fee88ee40702132137q6abef8beu80c7813fcd27eaad>