Commit Graph

30 Commits

Author SHA1 Message Date
paul
b13c6e47a4 Add a firewall_flags option that is used when ipfw processes a file. It allows
you to run a preprocessor, such as m4, so that you can use macros in your
rules file.

Approved by:	jkh
2000-02-06 19:25:00 +00:00
rgrimes
a0ffc4263e Update this with the additional nets recommended by reading
draft-manning-dsua-01.txt.

Stop using public addresses as samples and use the recommended
192.0.2.0/24 netblock that has specifically been set aside for
documentation purposes.

Reviewed by:	readers of freebsd-security did not respond to a request
                for review
2000-01-28 11:30:28 +00:00
obrien
29b97917c7 Minor whitespace fix. 1999-12-04 01:27:51 +00:00
ru
29f0cf9eff Pass IP fragments with non-zero offset. The semantics of matching
IP fragments has been changed in src/sys/netinet/ip_fw.c,v 1.78.

Reminded by:	"Ronald F. Guilmette" <rfg@monkeys.com>
1999-11-04 10:13:59 +00:00
nsayer
0c8e431284 Add commented entry to the lo0 section inviting bridge users to
enable ARP on filtering bridges.
1999-10-24 00:26:49 +00:00
ru
6af09970c5 Allow for incoming DNS UDP queries. 1999-10-20 08:15:13 +00:00
mpp
d4a3436e7d Fix a typo in a comment. 1999-09-30 04:55:23 +00:00
sheldonh
7ca175b31f Apply a consistent style to most of the etc scripts. Particularly, use
case instead of test where appropriate, since case is a sh
builtin and (as a side-effect) allows case-insensitivity.

Changes discussed on freebsd-hackers.

Submitted by:	Doug Barton <Doug@gorean.org>
1999-09-13 15:44:20 +00:00
peter
cdad5bae8c $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
sheldonh
c73504342c Style clean-up:
	* All variables are now embraced: ${foo}

	* All comparisons against some value now take the form:
	  [ "${foo}" ? "value" ]
	  where ? is a comparison operator

	* All empty string tests now take the form:
	  [ -z "${foo}" ]

	* All non-empty string tests now take the form:
	  [ -n "${foo}" ]

Submitted by:	jkh
1999-08-25 16:01:45 +00:00
jkh
889621dc3f Use /etc/defaults/rc.conf everywhere, falling back to /etc/rc.conf
as necessary (for half-assed upgrades).
1999-02-10 18:08:16 +00:00
alex
313beced3d Strengthen the rules governing the 127.0.0.0/8 subnet. The previous rules
allowed external hosts to send packets to the 127.0.0.0/8 subnet on the
firewall host.

Renumber the lo0 rules to guarantee they appear first.

PR:		6406
Submitted by:	Archie Cobbs <archie@whistle.com>
1998-04-25 00:40:55 +00:00
brian
7ecfe342d3 Add natd support.
PR:		6339
Submitted by:	cdillon@wolves.k12.mo.us
1998-04-18 10:27:19 +00:00
phk
87d9db29a5 Better RFC1918 network protection
PR:		6278
Reviewed by:	phk
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
1998-04-15 16:41:14 +00:00
adam
5a82ece422 get default firewall type from rc.conf 1998-02-10 01:45:57 +00:00
danny
ea76c052b2 MF22 - make firewall_type a little more robust 1997-10-21 00:54:08 +00:00
danny
19ea78c7dd Fix some problems in the rules file loading and need for modload detection.
Found by: "James E. Housley" <housley@pr-comm.com>
1997-09-18 22:43:48 +00:00
danny
1bac7344dc Reviewed by: msmith, alex
Cosmetic changes to the loading of firewall rules and lkm.
1997-09-11 10:59:02 +00:00
jkh
95411dc67e Add inetd_flags and way of passing ipfw a configuration file
(if firewall = "somefilename").

Fix typo fixes and URLs which were accidentally nuked out of this
file (submitted by: soil@quick.net via PR#3501).

Submitted by:	"Danny J. Zerkel" <dzerkel@phofarm.com>
1997-05-05 07:08:31 +00:00
jkh
9a3d5ad940 Update the etc world from RELENG_2_2 which is now more up-to-date
(gotta get myself -current again, this is a drag).

Also-fixes-problems-noted-by: Wolfgang Helbig & Joerg Wunsch
1997-05-03 11:22:17 +00:00
alex
f236327a20 Typo police.
Added links to O'Reilly & Associates and Addison-Wesley's web sites
to accompany the book recommendations.
1997-04-27 20:12:34 +00:00
jkh
560307f103 Bring in rc file changes from -current. 1997-04-27 03:59:19 +00:00
peter
0e0dfca0f9 Revert $FreeBSD$ to $Id$ 1997-02-23 09:21:14 +00:00
jkh
9c0cd3f9df Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
adam
80398b2ce8 don't ask for confirmation 1996-09-05 11:22:09 +00:00
wosch
1103cb1a44 space typo, the shell doesn't like name=<space>value 1996-08-19 15:34:29 +00:00
jkh
a5d3c31004 Remove root dotfiles which did more harm than good. 1996-08-14 14:42:05 +00:00
alex
0c155d8c74 Flush out the rules before adding entries. This prevents duplicate
rules from appearing when switching back and forth from single to
multi-user modes.
1996-06-22 00:54:36 +00:00
phk
2ecca44caa Add another good book to the required reading.
make a couple of rules more sensible.

Reviewed by:	phk
Submitted by:	jmb
1996-04-12 09:16:42 +00:00
phk
2757aa2513 Add skeleton firewall setup(s). Comments very welcome. 1996-04-03 17:13:59 +00:00