Allow the network addresses and interface names for the "client" and

"workstation" firewall types to be set from rc.conf so that rc.firewall no longer needs local patching to be usable for those types. For now I've set the variables in /etc/defaults/rc.conf to the previous defaults in /etc/rc.firewall. PR: bin/65258 Submitted by: Valentin Nechayev netch of netch.kiev.ua Silence from: net MFC after: 2 weeks
svn path=/head/; revision=181762
2008-08-15 19:20:59 +00:00 · 2008-08-15 19:20:59 +00:00 · 66f8d384cf · 2020-12-20 02:59:44 +00:00
commit 66f8d384cf
parent 176baffe3f
2 changed files with 24 additions and 6 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -115,6 +115,15 @@ firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
+firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
+firewall_simple_iif="ed1"	# Inside network interface for "simple"
+				# firewall.
+firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
+				# firewall.
+firewall_simple_oif="ed0"	# Outside network interface for "simple"
+				# firewall.
+firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
+				# firewall.
 firewall_myservices=""		# List of TCP ports on which this host
 				# offers services for "workstation" firewall.
 firewall_allowservices=""	# List of IPs which have access to
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@ -164,10 +164,13 @@ case ${firewall_type} in
 	############
 	# This is a prototype setup that will protect your system somewhat
 	# against people from outside your own network.
+	#
+	# Configuration:
+	#  firewall_client_net:		Network address of local network.
 	############

-	# set these to your network
-	net="192.0.2.0/24"
+	# set this to your local network
+	net="$firewall_client_net"

 	# Allow limited broadcast traffic from my own net.
 	${fwcmd} add pass all from ${net} to 255.255.255.255
@ -207,15 +210,21 @@ case ${firewall_type} in
 	# This is a prototype setup for a simple firewall.  Configure this
 	# machine as a DNS and NTP server, and point all the machines
 	# on the inside at this machine for those services.
+	#
+	# Configuration:
+	#  firewall_simple_iif:		Inside network interface.
+	#  firewall_simple_inet:	Inside network address.
+	#  firewall_simple_oif:		Outside network interface.
+	#  firewall_simple_onet:	Outside network address.
 	############

 	# set these to your outside interface network
-	oif="ed0"
-	onet="192.0.2.0/28"
+	oif="$firewall_simple_oif"
+	onet="$firewall_simple_onet"

 	# set these to your inside interface network
-	iif="ed1"
-	inet="192.0.2.16/28"
+	iif="$firewall_simple_iif"
+	inet="$firewall_simple_inet"

 	# Stop spoofing
 	${fwcmd} add deny all from ${inet} to any in via ${oif}