Date: Thu, 13 Jan 2000 17:21:52 +0200
From: Giorgos Keramidas <charon@hades.hell.gr>
To: freebsd-newbies@freebsd.org
Subject: Contributing patch for ipfilter?
Message-ID: <20000113172152.G2590@hades.hell.gr>
I installed Darren's ipfilter yesterday, and after making a few changes to my /etc files I came up with the patch below. Do you think I could send the thing to freebsd-hackers for others to test / refine? If this is an option, how should I go about doing it? :)

The patch adds to rc.conf the variables:

    ipf_{enable|program|flags}
    ipnat_{enable|program|flags}
    ipmon_{enable|program|flags}

and a bunch o' shell lines to /etc/rc.network.

Ciao.

"Giorgos E. Keramidas" < keramida @ ceid . upatras . gr >

-- patch follows --
diff -r -c etc.orig/defaults/rc.conf etc/defaults/rc.conf *** etc.orig/defaults/rc.conf Sun Nov 28 18:02:30 1999 --- etc/defaults/rc.conf Thu Jan 13 00:12:37 2000 *************** *** 44,49 **** --- 44,58 ---- natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="fxp0" # Public interface or IPaddress to use. natd_flags="" # Additional flags for natd. + ipf_program="/sbin/ipf" # path to ipf, if you got it somewhere else + ipf_enable="YES" # Set to YES to enable ipfilter firewall + ipf_flags="-f /etc/ipf.conf" # Additional flags to pass to ipfilter + ipnat_program="/usr/sbin/ipnat" # path to ipnat, ipfilter's nat daemon + ipnat_enable="YES" # Set to YES, to enable ipnat functionality. + ipnat_flags="-f /etc/ipnat.conf" # Additional flags to pass to ipnat daemon + ipmon_program="/usr/sbin/ipmon" # path to ipmon, logger of ipfilter + ipmon_enable="YES" # Set to YES to enable ipfilter logging + ipmon_flags="-a -s" # -a = log everything, -s = to syslogd tcp_extensions="NO" # Disallow RFC1323 extensions (or YES). log_in_vain="NO" # Disallow bad connection logging (or YES). tcp_keepalive="YES" # Kill dead TCP connections (or NO). diff -r -c etc.orig/rc.network etc/rc.network *** etc.orig/rc.network Fri Dec 17 01:47:22 1999 --- etc/rc.network Thu Jan 13 00:02:43 2000 *************** *** 113,118 **** --- 113,146 ---- echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} fi + # Initialize filtering using ipfilter. 
+ echo "" + ipf -F a > /dev/null 2>&1 + if [ $? = 0 ] ; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + + if [ $ipfilter_in_kernel = 0 -a "x$ipf_enable" = "xYES" ] ; then + # No kld support for ipfilter yet? + echo "Warning: ipfilter is not supported." + fi + + # Load filters if required + if [ $ipfilter_in_kernel = 1 ] ; then + if [ X"$ipf_enable" = X"YES" ] ; then + echo -n ' ipf'; ${ipf_program} ${ipf_flags} + fi + if [ X"$ipnat_enable" = X"YES" ] ; then + echo -n ' ipnat'; ${ipnat_program} ${ipnat_flags} + fi + if [ X"$ipmon_enable" = X"YES" ] ; then + echo -n ' ipmon'; ${ipmon_program} ${ipmon_flags} & + fi + echo '.' + fi + # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1
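
Review bot: the three new enable knobs in the etc/defaults/rc.conf hunk (ipf_enable, ipnat_enable, ipmon_enable) default to "YES", while the neighbouring natd_enable defaults to "NO". With these defaults every machine whose kernel lacks ipfilter prints the "Warning: ipfilter is not supported." line at boot, and every machine that has it tries to load /etc/ipf.conf and /etc/ipnat.conf whether or not the administrator has written them. Suggest shipping all three as "NO" so the firewall is opt-in like natd. The comments on ipf_flags and ipnat_flags say "Additional flags" although the value carries the rules-file path, so they could say that -f names the rules file.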
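
Review bot: the kernel-support probe at the top of the etc/rc.network hunk, "ipf -F a > /dev/null 2>&1", runs unconditionally, calls bare ipf instead of ${ipf_program}, and flushes all filter rules as its side effect. Suggest running it only when ipf_enable is YES and through ${ipf_program}. Further down, the exit status of "${ipf_program} ${ipf_flags}" is not checked, so a missing or invalid rules file leaves the just-flushed, empty rule set in place with only ' ipf' printed; a warning on failure would make that visible. The block is also placed after the ppp start lines shown in the context, so the link can come up before any rules are loaded; consider loading the filters earlier. Minor: the two tests of ipf_enable use different styles ("x$ipf_enable" and X"$ipf_enable"); pick one.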