This commit was generated by cvs2svn to compensate for changes in r95419,
which included commits to RCS files with non-trunk default branches.
commit
1192f4fd9c
@ -7,6 +7,8 @@
|
||||
#
|
||||
BINDEST=/usr/sbin
|
||||
SBINDEST=/sbin
|
||||
SEARCHDIRS=$(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin \
|
||||
/usr/local/bin /usr/local/sbin
|
||||
MANDIR=/usr/share/man
|
||||
CC=cc -Wall -Wstrict-prototypes -Wuninitialized -O
|
||||
CFLAGS=-g -I$(TOP)
|
||||
@ -49,6 +51,14 @@ IPNAT=ipnat.o kmem.o natparse.o common.o printnat.o
|
||||
FILS=fils.o parse.o kmem.o opt.o facpri.o common.o printstate.o
|
||||
|
||||
build all: ipf ipfs ipfstat ipftest ipmon ipnat $(LKM)
|
||||
/bin/rm -f $(TOP)/ipf
|
||||
ln -s `pwd`/ipf $(TOP)
|
||||
/bin/rm -f $(TOP)/ipftest
|
||||
ln -s `pwd`/ipftest $(TOP)
|
||||
/bin/rm -f $(TOP)/ipmon
|
||||
ln -s `pwd`/ipmon $(TOP)
|
||||
/bin/rm -f $(TOP)/ipnat
|
||||
ln -s `pwd`/ipnat $(TOP)
|
||||
|
||||
ipfstat: $(FILS)
|
||||
$(CC) -static $(DEBUG) $(CFLAGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
|
||||
@ -56,13 +66,9 @@ ipfstat: $(FILS)
|
||||
|
||||
ipf: $(IPF)
|
||||
$(CC) -static $(DEBUG) $(CFLAGS) $(IPF) -o $@ $(LIBS)
|
||||
/bin/rm -f $(TOP)/ipf
|
||||
ln -s `pwd`/ipf $(TOP)
|
||||
|
||||
ipftest: $(IPT)
|
||||
$(CC) $(DEBUG) $(CFLAGS) $(IPT) -o $@ $(LIBS)
|
||||
/bin/rm -f $(TOP)/ipftest
|
||||
ln -s `pwd`/ipftest $(TOP)
|
||||
|
||||
ipnat: $(IPNAT)
|
||||
$(CC) -static $(DEBUG) $(CFLAGS) $(IPNAT) -o $@ $(LIBS) -lkvm
|
||||
@ -220,8 +226,6 @@ facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h
|
||||
|
||||
ipmon: $(TOP)/ipmon.c
|
||||
$(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS)
|
||||
/bin/rm -f $(TOP)/ipmon
|
||||
ln -s `pwd`/ipmon $(TOP)
|
||||
|
||||
clean:
|
||||
${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipnat \
|
||||
@ -250,8 +254,8 @@ install:
|
||||
ipfstat:$(SBINDEST) ipftest:$(SBINDEST) ipmon:$(BINDEST); do \
|
||||
def="`expr $$i : '[^:]*:\(.*\)'`"; \
|
||||
p="`expr $$i : '\([^:]*\):.*'`"; \
|
||||
for d in $(BINDEST) $(SBINDEST); do \
|
||||
if [ -f $$d/$$i ] ; then \
|
||||
for d in $(SEARCHDIRS); do \
|
||||
if [ -f $$d/$$p ] ; then \
|
||||
echo "$(INSTALL) -cs -g wheel -m 755 -o root $$p $$d"; \
|
||||
$(INSTALL) -cs -g wheel -m 755 -o root $$p $$d; \
|
||||
dd=$$d; \
|
||||
|
@ -8,6 +8,15 @@ set -e
|
||||
argv0=`basename $0`
|
||||
dir=`pwd`
|
||||
karch=`uname -m`
|
||||
os=`uname -s`
|
||||
if [ $os = FreeBSD ] ; then
|
||||
rev=`uname -r`
|
||||
rev=`expr $rev : '\([0-9]*\)\..*'`
|
||||
if [ $rev = 2 ] ; then
|
||||
echo "Copying /usr/include/osreldate.h to /sys/sys"
|
||||
cp /usr/include/osreldate.h /sys/sys
|
||||
fi
|
||||
fi
|
||||
archdir="/sys/arch/$karch"
|
||||
ipfdir=/sys/netinet
|
||||
if [ -d /sys/contrib/ipfilter ] ; then
|
||||
|
@ -28,11 +28,13 @@ echo ""
|
||||
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"
|
||||
ln -s /usr/include/osreldate.h /sys/sys/osreldate.h
|
||||
|
||||
patchfile=FreeBSd-4.0/ipv6-patch-$krev
|
||||
set patchfile=FreeBSd-4.0/ipv6-patch-$krev
|
||||
if ( -f $patchfile ) then
|
||||
echo ""
|
||||
echo "Patching ip6_input.c and ip6_output.c"
|
||||
cat $patchfile | (cd /sys/netinet6; patch)
|
||||
else
|
||||
echo "IPv6 patching not required for your OS version"
|
||||
endif
|
||||
|
||||
set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
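Review bot: The new `set patchfile=FreeBSd-4.0/ipv6-patch-$krev` line spells the directory with a lower-case `d`, and the added `if ( -f $patchfile )` guard turns a wrong path into a silent skip. If the directory in the tree is actually named `FreeBSD-4.0` (not visible on this page), then on a case-sensitive filesystem the test fails for every `$krev` and the script prints "IPv6 patching not required for your OS version" without applying the patch. Confirm the directory name, and consider reporting "patch directory not found" separately from "no patch for this release" so a misnamed path is not hidden.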
|
||||
|
@ -22,6 +22,59 @@
|
||||
# and especially those who have found the time to port IP Filter to new
|
||||
# platforms.
|
||||
#
|
||||
3.4.26 25/04/2002 - Released
|
||||
|
||||
fix parsing and printing of NAT rules with regression tests.
|
||||
|
||||
add code to adjust TCP checksums inside ICMP errors where present and as
|
||||
required for NAT.
|
||||
|
||||
fix documentation problems in instal documents
|
||||
|
||||
fix locking problem with auth code on Solaris
|
||||
|
||||
fix use of version macros for FreeBSD and make the use of __FreeBSD_version
|
||||
override previous hacks except when not present
|
||||
|
||||
fix the macros defined for SIOCAUTHR and SIOCAUTHW
|
||||
|
||||
fix the H.323 proxy so it no longer panics (multiple issues: re-entry into
|
||||
nat_ioctl with lock held on Solaris, trying to copy data from kernel space
|
||||
with copyin, unaligned access to get 32bit & 16bit numbers)
|
||||
|
||||
use the ip_ttl ndd parameter on Solaris to fill in ip_ttl for packets
|
||||
generated by IPFilter
|
||||
|
||||
fix comparing state information to delete state table entries
|
||||
|
||||
flag packets as being "bad state" if they're outside the window and prevent
|
||||
them from being able to cause new state to be created - except for SYN packets
|
||||
|
||||
be stricter about what packets match a TCP state table entry if its creation
|
||||
was triggered by a SYN packet.
|
||||
|
||||
add patches to handle TCP window scaling
|
||||
|
||||
don't update TCP state table entries if the packet is not considered to be
|
||||
part of the connection
|
||||
|
||||
ipfs wasn't allowing -i command line option in getopt
|
||||
|
||||
IRIX: fix kvm interface, fix compile warnings, compile the kernel with -O2
|
||||
regardless of user compile, fix the getkflags script to prune down the
|
||||
output more so it is acceptable
|
||||
|
||||
change building in Makefiles to create links to the application in $(TOP)
|
||||
at the end of "build" rather than when each is created.
|
||||
|
||||
update BSD/kupgrade for FreeBSD
|
||||
|
||||
l4check wasn't properly closing things when a connection fails
|
||||
|
||||
man page updates for ipmon(8) and ipnat(5)
|
||||
|
||||
more regression tests added.
|
||||
|
||||
3.4.25 13/03/2002 - Released
|
||||
|
||||
retain rule # in state information
|
||||
|
@ -94,7 +94,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.34 2002/02/22 15:32:45 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.35 2002/04/03 14:18:36 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern char *optarg;
|
||||
@ -1200,15 +1200,15 @@ int topclosed;
|
||||
if (c == ERR)
|
||||
continue;
|
||||
|
||||
if (tolower(c) == 'l') {
|
||||
if (isalpha(c) && isupper(c))
|
||||
c = tolower(c);
|
||||
if (c == 'l') {
|
||||
redraw = 1;
|
||||
} else if (tolower(c) == 'q') {
|
||||
nocbreak();
|
||||
endwin();
|
||||
exit(0);
|
||||
} else if (tolower(c) == 'r') {
|
||||
} else if (c == 'q') {
|
||||
break; /* exits while() loop */
|
||||
} else if (c == 'r') {
|
||||
reverse = !reverse;
|
||||
} else if (tolower(c) == 's') {
|
||||
} else if (c == 's') {
|
||||
sorting++;
|
||||
if (sorting > STSORT_MAX)
|
||||
sorting = 0;
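Review bot: In the key-handling hunk, `if (isalpha(c) && isupper(c))` passes the raw input value to the `<ctype.h>` functions, which are only defined for `EOF` and values representable as `unsigned char`; only `ERR` is filtered out before it. If the input routine can return codes above 255 here (function-key values, should keypad mode be enabled outside this hunk), a range check belongs in front, e.g. `if (c >= 0 && c <= UCHAR_MAX && isupper(c))`. `isalpha(c)` is redundant next to `isupper(c)`. The `'q'` branch now relies on code after the `while()` loop, which is outside the hunk, to call `nocbreak()`/`endwin()` before exiting, so it is worth confirming the terminal is still restored on that path.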
|
||||
|
@ -7,7 +7,7 @@
|
||||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.15 2001/12/26 22:28:51 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.16 2002/04/05 08:43:25 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -61,6 +61,7 @@ int fr_running = 0;
|
||||
int ipl_unreach = ICMP_UNREACH_HOST;
|
||||
u_long ipl_frouteok[2] = {0, 0};
|
||||
static int frzerostats __P((caddr_t));
|
||||
static u_long *ip_ttl_ptr;
|
||||
|
||||
static int frrequest __P((minor_t, int, caddr_t, int));
|
||||
static int send_ip __P((fr_info_t *fin, mblk_t *m));
|
||||
@ -107,6 +108,8 @@ int ipldetach()
|
||||
|
||||
int iplattach __P((void))
|
||||
{
|
||||
int i;
|
||||
|
||||
#ifdef IPFDEBUG
|
||||
cmn_err(CE_CONT, "iplattach()\n");
|
||||
#endif
|
||||
@ -133,6 +136,19 @@ int iplattach __P((void))
|
||||
return -1;
|
||||
if (appr_init() == -1)
|
||||
return -1;
|
||||
|
||||
ip_ttl_ptr = NULL;
|
||||
/*
|
||||
* XXX - There is no terminator for this array, so it is not possible
|
||||
* to tell if what we are looking for is missing and go off the end
|
||||
* of the array.
|
||||
*/
|
||||
for (i = 0; ; i++) {
|
||||
if (!strcmp(ip_param_arr[i].ip_param_name, "ip_def_ttl")) {
|
||||
ip_ttl_ptr = &ip_param_arr[i].ip_param_value;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -774,7 +790,7 @@ mblk_t *m;
|
||||
|
||||
ip = (ip_t *)m->b_rptr;
|
||||
ip->ip_v = IPVERSION;
|
||||
ip->ip_ttl = 60;
|
||||
ip->ip_ttl = (u_char)(*ip_ttl_ptr);
|
||||
ip_wput(((qif_t *)fin->fin_qif)->qf_ill->ill_wq, m);
|
||||
}
|
||||
READ_ENTER(&ipf_solaris);
|
||||
@ -894,7 +910,7 @@ int dst;
|
||||
ip->ip_p = IPPROTO_ICMP;
|
||||
ip->ip_id = oip->ip_id;
|
||||
ip->ip_sum = 0;
|
||||
ip->ip_ttl = 60;
|
||||
ip->ip_ttl = (u_char)(*ip_ttl_ptr);
|
||||
ip->ip_tos = oip->ip_tos;
|
||||
ip->ip_len = (u_short)htons(sz);
|
||||
if (dst == 0) {
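Review bot: The lookup added to `iplattach()` (`for (i = 0; ; i++)` over `ip_param_arr`) has no upper bound, so when no entry is named "ip_def_ttl" it reads past the end of the array in kernel context, as the XXX comment above it admits; `strcmp()` would also dereference a NULL `ip_param_name`. Because the loop can only exit through the `break`, the `ip_ttl_ptr = NULL` initialisation never survives, and both new `ip->ip_ttl = (u_char)(*ip_ttl_ptr);` assignments dereference the pointer unchecked. I would cap the scan, tolerate a miss, and keep the previous constant as the fallback at the two use sites: `ip->ip_ttl = ip_ttl_ptr != NULL ? (u_char)(*ip_ttl_ptr) : 60;`. The bound in the sketch below is a placeholder to be replaced with the real element count of `ip_param_arr`, which this page does not show. The functions containing the two TTL assignments start and end outside their hunks.

```c
	ip_ttl_ptr = NULL;
	/* IP_PARAM_SCAN_LIMIT: placeholder, set to the element count of ip_param_arr */
	for (i = 0; i < IP_PARAM_SCAN_LIMIT; i++) {
		if (ip_param_arr[i].ip_param_name == NULL)
			continue;
		if (!strcmp(ip_param_arr[i].ip_param_name, "ip_def_ttl")) {
			ip_ttl_ptr = &ip_param_arr[i].ip_param_value;
			break;
		}
	}
	/* ip_ttl_ptr stays NULL when the parameter is absent; senders fall back to 60 */
	return 0;
```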
|
||||
|
@ -50,7 +50,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.13 2002/02/22 15:32:53 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.14 2002/04/10 04:56:36 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#if SOLARIS
|
||||
@ -225,7 +225,7 @@ u_int enable;
|
||||
if (ioctl(fd, SIOCFRENB, &enable) == -1) {
|
||||
if (errno == EBUSY)
|
||||
fprintf(stderr,
|
||||
"IP FIlter: already initialized\n");
|
||||
"IP Filter: already initialized\n");
|
||||
else
|
||||
perror("SIOCFRENB");
|
||||
}
|
||||
|
@ -45,7 +45,7 @@
|
||||
#include "ipf.h"
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.8 2001/09/14 18:52:21 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.9 2002/04/17 17:42:59 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#ifndef IPF_SAVEDIR
|
||||
@ -208,7 +208,7 @@ char *argv[];
|
||||
int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
|
||||
char *dirname = NULL, *filename = NULL, *ifs = NULL;
|
||||
|
||||
while ((c = getopt(argc, argv, "d:f:lNnSRruvWw")) != -1)
|
||||
while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
|
||||
switch (c)
|
||||
{
|
||||
case 'd' :
|
||||
|
@ -13,6 +13,7 @@
|
||||
# endif
|
||||
#endif
|
||||
#ifdef __sgi
|
||||
# define _KMEMUSER
|
||||
# include <sys/ptimers.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
@ -63,7 +64,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.19 2002/03/11 03:30:51 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.21 2002/03/26 15:54:40 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern char *optarg;
|
||||
@ -113,10 +114,13 @@ char *argv[];
|
||||
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:STvxX")) != -1)
|
||||
switch (c)
|
||||
{
|
||||
#ifdef USE_INET6
|
||||
case '6' :
|
||||
#ifdef USE_INET6
|
||||
use_inet6 = 1;
|
||||
break;
|
||||
#else
|
||||
fprintf(stderr, "IPv6 not supported\n");
|
||||
exit(1);
|
||||
#endif
|
||||
case 'b' :
|
||||
opts |= OPT_BRIEF;
|
||||
|
@ -46,18 +46,13 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.12 2002/03/06 09:44:16 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.14 2002/04/17 17:44:44 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
#ifndef __sgi
|
||||
#ifdef __sgi
|
||||
typedef int kvm_t;
|
||||
|
||||
static kvm_t *kvm_f = NULL;
|
||||
|
||||
#else
|
||||
|
||||
typedef int kvm_t;
|
||||
|
||||
static kvm_t kvm_f = -1;
|
||||
static int kvm_fd = -1;
|
||||
static char *kvm_errstr;
|
||||
|
||||
kvm_t kvm_open(kernel, core, swap, mode, errstr)
|
||||
@ -65,12 +60,12 @@ char *kernel, *core, *swap;
|
||||
int mode;
|
||||
char *errstr;
|
||||
{
|
||||
kvm_t fd;
|
||||
|
||||
kvm_errstr = errstr;
|
||||
|
||||
fd = open(core, mode);
|
||||
return fd;
|
||||
if (core == NULL)
|
||||
core = "/dev/kmem";
|
||||
kvm_fd = open(core, mode);
|
||||
return (kvm_fd >= 0) ? (kvm_t)&kvm_fd : NULL;
|
||||
}
|
||||
|
||||
int kvm_read(kvm, pos, buffer, size)
|
||||
@ -82,21 +77,22 @@ size_t size;
|
||||
int r, left;
|
||||
char *bufp;
|
||||
|
||||
if (lseek(kvm, pos, 0) == -1) {
|
||||
if (lseek(*kvm, pos, 0) == -1) {
|
||||
fprintf(stderr, "%s", kvm_errstr);
|
||||
perror("lseek");
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (bufp = buffer, left = size; left > 0; bufp += r, left -= r) {
|
||||
r = read(kvm, bufp, 1);
|
||||
r = read(*kvm, bufp, 1);
|
||||
if (r <= 0)
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
return size;
|
||||
}
|
||||
#endif
|
||||
|
||||
static kvm_t *kvm_f = NULL;
|
||||
|
||||
int openkmem(kern, core)
|
||||
char *kern, *core;
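Review bot: The new `return (kvm_fd >= 0) ? (kvm_t)&kvm_fd : NULL;` in the `__sgi` `kvm_open()` converts a pointer to `kvm_t`, which the visible `typedef int kvm_t;` makes a plain `int`; where pointers are wider than `int` the address is truncated, and `kvm_read()` then dereferences it through `lseek(*kvm, ...)` and `read(*kvm, ...)`. If the typedef really is still `int` on the new side (the rendered page does not mark which lines were removed), declare the function as returning `kvm_t *` and return `&kvm_fd` without the cast, matching `static kvm_t *kvm_f`. `kvm_read()` also now ends with `return size;`, narrowing a `size_t` to the `int` return type. Its parameter declarations sit outside the hunk.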
|
||||
|
@ -141,7 +141,8 @@ void closel4(l4, dead)
|
||||
l4cfg_t *l4;
|
||||
int dead;
|
||||
{
|
||||
close(l4->l4_fd);
|
||||
if (l4->l4_fd != -1)
|
||||
close(l4->l4_fd);
|
||||
l4->l4_fd = -1;
|
||||
l4->l4_rw = -1;
|
||||
if (dead && l4->l4_alive) {
|
||||
@ -307,7 +308,7 @@ int runconfig()
|
||||
if (opts & OPT_VERBOSE)
|
||||
fprintf(stderr, "failed\n");
|
||||
perror("connect");
|
||||
close(fd);
|
||||
closel4(l4, 1);
|
||||
fd = -1;
|
||||
} else {
|
||||
if (opts & OPT_VERBOSE)
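Review bot: In `runconfig()` the failed-connect path now calls `closel4(l4, 1)` in place of `close(fd)`, so the socket is released only if `l4->l4_fd` already holds `fd` at that point. That assignment is not visible in this hunk; if it happens after the `connect()` check, the descriptor leaks on every failed connection, which matters for a long-running checker. Confirm `l4->l4_fd = fd` precedes the call, or keep `close(fd)` for the case where `l4->l4_fd` is still -1.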
|
||||
|
@ -7,8 +7,8 @@ The format for files accepted by ipnat is described by the following grammar:
|
||||
.nf
|
||||
ipmap :: = mapblock | redir | map .
|
||||
|
||||
map ::= mapit ifname ipmask "->" ipmask [ mapport ] .
|
||||
map ::= mapit ifname fromto "->" ipmask [ mapport ] .
|
||||
map ::= mapit ifname ipmask "->" dstipmask [ mapport ] .
|
||||
map ::= mapit ifname fromto "->" dstipmask [ mapport ] .
|
||||
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] .
|
||||
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport options .
|
||||
|
||||
@ -18,6 +18,7 @@ rdrport ::= "port" portnum .
|
||||
mapit ::= "map" | "bimap" .
|
||||
fromto ::= "from" object "to" object .
|
||||
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
|
||||
dstipmask ::= ipmask | "range" ip "-" ip .
|
||||
mapport ::= "portmap" tcpudp portnumber ":" portnumber .
|
||||
options ::= [ tcpudp ] [ rr ] .
|
||||
|
||||
@ -34,6 +35,10 @@ ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
|
||||
numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .
|
||||
.fi
|
||||
.PP
|
||||
In addition to this, # is used to mark the start of a comment and may
|
||||
appear at the end of a line with a NAT rule (as described above) or on its
|
||||
own lines. Blank lines are ignored.
|
||||
.PP
|
||||
For standard NAT functionality, a rule should start with \fBmap\fP and then
|
||||
proceeds to specify the interface for which outgoing packets will have their
|
||||
source address rewritten.
|
||||
|
@ -12,23 +12,11 @@
|
||||
#include <sys/param.h>
|
||||
|
||||
#if defined(__FreeBSD__)
|
||||
# ifndef __FreeBSD_version
|
||||
# include <sys/osreldate.h>
|
||||
# endif
|
||||
# ifdef IPFILTER_LKM
|
||||
# ifndef __FreeBSD_cc_version
|
||||
# include <osreldate.h>
|
||||
# else
|
||||
# if __FreeBSD_cc_version < 430000
|
||||
# include <osreldate.h>
|
||||
# endif
|
||||
# endif
|
||||
# define ACTUALLY_LKM_NOT_KERNEL
|
||||
# else
|
||||
# ifndef __FreeBSD_cc_version
|
||||
# include <sys/osreldate.h>
|
||||
# else
|
||||
# if __FreeBSD_cc_version < 430000
|
||||
# include <sys/osreldate.h>
|
||||
# endif
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
#include <sys/systm.h>
|
||||
|
@ -40,7 +40,7 @@
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2.2.2 2002/04/10 05:05:54 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
extern int ipldetach __P((void));
|
||||
@ -49,6 +49,7 @@ extern int ipldetach __P((void));
|
||||
#endif
|
||||
extern int nulldev __P((void));
|
||||
extern int errno;
|
||||
extern int iplidentify __P((char *));
|
||||
|
||||
extern int nodev __P((void));
|
||||
|
||||
|
@ -56,7 +56,7 @@ extern char *sys_errlist[];
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.23 2002/02/22 15:32:55 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.24 2002/04/24 17:30:51 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
@ -394,15 +394,24 @@ int linenum;
|
||||
cpp++;
|
||||
|
||||
if (ipn.in_redir & NAT_MAPBLK) {
|
||||
if (*cpp && strcasecmp(*cpp, "ports")) {
|
||||
fprintf(stderr,
|
||||
"%d: expected \"ports\" - got \"%s\"\n",
|
||||
linenum, *cpp);
|
||||
return NULL;
|
||||
}
|
||||
cpp++;
|
||||
if (*cpp) {
|
||||
ipn.in_pmin = atoi(*cpp);
|
||||
if (strcasecmp(*cpp, "ports")) {
|
||||
fprintf(stderr,
|
||||
"%d: expected \"ports\" - got \"%s\"\n",
|
||||
linenum, *cpp);
|
||||
return NULL;
|
||||
}
|
||||
cpp++;
|
||||
if (*cpp == NULL) {
|
||||
fprintf(stderr,
|
||||
"%d: missing argument to \"ports\"\n",
|
||||
linenum);
|
||||
return NULL;
|
||||
}
|
||||
if (!strcasecmp(*cpp, "auto"))
|
||||
ipn.in_flags |= IPN_AUTOPORTMAP;
|
||||
else
|
||||
ipn.in_pmin = atoi(*cpp);
|
||||
cpp++;
|
||||
} else
|
||||
ipn.in_pmin = 0;
|
||||
@ -483,6 +492,10 @@ int linenum;
|
||||
ipn.in_p = atoi(proto);
|
||||
}
|
||||
}
|
||||
if ((ipn.in_flags & IPN_TCPUDP) == 0) {
|
||||
port1a = "0";
|
||||
port2a = "0";
|
||||
}
|
||||
|
||||
if (*cpp && !strcasecmp(*cpp, "round-robin")) {
|
||||
cpp++;
|
||||
@ -548,7 +561,7 @@ int linenum;
|
||||
if ((ipn.in_redir & NAT_MAPBLK) != 0)
|
||||
nat_setgroupmap(&ipn);
|
||||
|
||||
if (*cpp && !strcasecmp(*cpp, "frag")) {
|
||||
if (*cpp && !*(cpp+1) && !strcasecmp(*cpp, "frag")) {
|
||||
cpp++;
|
||||
ipn.in_flags |= IPN_FRAG;
|
||||
}
|
||||
@ -618,12 +631,6 @@ int linenum;
|
||||
(void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel));
|
||||
cpp++;
|
||||
|
||||
if (*cpp) {
|
||||
fprintf(stderr,
|
||||
"%d: too many parameters for \"proxy\"\n",
|
||||
linenum);
|
||||
return NULL;
|
||||
}
|
||||
} else if (!strcasecmp(*cpp, "portmap")) {
|
||||
if (ipn.in_redir == NAT_BIMAP) {
|
||||
fprintf(stderr, "%d: cannot use portmap with bimap\n",
|
||||
@ -683,6 +690,11 @@ int linenum;
|
||||
}
|
||||
}
|
||||
|
||||
if (*cpp && !strcasecmp(*cpp, "frag")) {
|
||||
cpp++;
|
||||
ipn.in_flags |= IPN_FRAG;
|
||||
}
|
||||
|
||||
if (*cpp && !strcasecmp(*cpp, "age")) {
|
||||
cpp++;
|
||||
if (!*cpp) {
|
||||
@ -690,6 +702,7 @@ int linenum;
|
||||
linenum);
|
||||
return NULL;
|
||||
}
|
||||
ipn.in_age[0] = atoi(*cpp);
|
||||
s = index(*cpp, '/');
|
||||
if (s != NULL)
|
||||
ipn.in_age[1] = atoi(s + 1);
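Review bot: The reworked `map-block` branch still converts the `ports` argument with `ipn.in_pmin = atoi(*cpp);`, so non-numeric, negative or oversized text in the rules file is accepted without a diagnostic and becomes whatever `atoi()` yields. The same applies to the `age` values read with `atoi(*cpp)` and `atoi(s + 1)`. Parsing with `strtol()` and rejecting the rule when `end == *cpp`, when the character at `end` is not the expected terminator, or when the result is outside the field's range would keep a typo from silently installing a different NAT rule; report it with the usual `"%d: ..."` message using `linenum` and `return NULL`. The function starts and ends outside these hunks.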
|
||||
|
@ -58,7 +58,7 @@ extern char *sys_errlist[];
|
||||
#endif
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.6 2002/02/22 15:32:56 darrenr Exp $";
|
||||
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.7 2002/04/24 17:35:37 darrenr Exp $";
|
||||
#endif
|
||||
|
||||
|
||||
@ -298,6 +298,9 @@ int opts;
|
||||
struct servent *sv;
|
||||
int bits;
|
||||
|
||||
if (np->in_p != 0)
|
||||
pr = getprotobynumber(np->in_p);
|
||||
|
||||
switch (np->in_redir)
|
||||
{
|
||||
case NAT_REDIRECT :
|
||||
@ -372,12 +375,18 @@ int opts;
|
||||
printf(" udp");
|
||||
else if (np->in_p == 0)
|
||||
printf(" ip");
|
||||
else if (np->in_p != 0)
|
||||
printf(" %d", np->in_p);
|
||||
else if (np->in_p != 0) {
|
||||
if (pr != NULL)
|
||||
printf(" %s", pr->p_name);
|
||||
else
|
||||
printf(" %d", np->in_p);
|
||||
}
|
||||
if (np->in_flags & IPN_ROUNDR)
|
||||
printf(" round-robin");
|
||||
if (np->in_flags & IPN_FRAG)
|
||||
printf(" frag");
|
||||
if (np->in_age[0])
|
||||
printf(" age %d/%d", np->in_age[0], np->in_age[1]);
|
||||
printf("\n");
|
||||
if (opts & OPT_DEBUG)
|
||||
printf("\tspc %lu flg %#x max %u use %d\n",
|
||||
@ -389,7 +398,7 @@ int opts;
|
||||
printf("%s/", inet_ntoa(np->in_in[0]));
|
||||
bits = countbits(np->in_in[1].s_addr);
|
||||
if (bits != -1)
|
||||
printf("%d ", bits);
|
||||
printf("%d", bits);
|
||||
else
|
||||
printf("%s", inet_ntoa(np->in_in[1]));
|
||||
}
|
||||
@ -401,12 +410,11 @@ int opts;
|
||||
printf("%s/", inet_ntoa(np->in_out[0]));
|
||||
bits = countbits(np->in_out[1].s_addr);
|
||||
if (bits != -1)
|
||||
printf("%d ", bits);
|
||||
printf("%d", bits);
|
||||
else
|
||||
printf("%s", inet_ntoa(np->in_out[1]));
|
||||
}
|
||||
if (*np->in_plabel) {
|
||||
pr = getprotobynumber(np->in_p);
|
||||
printf(" proxy port");
|
||||
if (np->in_dport != 0) {
|
||||
if (pr != NULL)
|
||||
@ -426,8 +434,12 @@ int opts;
|
||||
else
|
||||
printf("%d", np->in_p);
|
||||
} else if (np->in_redir == NAT_MAPBLK) {
|
||||
printf(" ports %d", np->in_pmin);
|
||||
if (opts & OPT_VERBOSE)
|
||||
if ((np->in_pmin == 0) &&
|
||||
(np->in_flags & IPN_AUTOPORTMAP))
|
||||
printf(" ports auto");
|
||||
else
|
||||
printf(" ports %d", np->in_pmin);
|
||||
if (opts & OPT_DEBUG)
|
||||
printf("\n\tip modulous %d", np->in_pmax);
|
||||
} else if (np->in_pmin || np->in_pmax) {
|
||||
printf(" portmap");
|
||||
@ -451,6 +463,8 @@ int opts;
|
||||
}
|
||||
if (np->in_flags & IPN_FRAG)
|
||||
printf(" frag");
|
||||
if (np->in_age[0])
|
||||
printf(" age %d/%d", np->in_age[0], np->in_age[1]);
|
||||
printf("\n");
|
||||
if (opts & OPT_DEBUG) {
|
||||
printf("\tspace %lu nextip %s pnext %d", np->in_space,
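Review bot: `pr` is now assigned only under `if (np->in_p != 0)` at the top of the function, while the `if (*np->in_plabel)` branch appears to lose its own `pr = getprotobynumber(np->in_p);` and still tests `if (pr != NULL)`. Unless `pr` is initialised at its declaration, which is outside the hunks, a proxy rule with `in_p == 0` reads an indeterminate pointer and may go on to dereference it. Writing the first assignment as `pr = (np->in_p != 0) ? getprotobynumber(np->in_p) : NULL;` covers every later use.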
|
||||
|
@ -15,6 +15,9 @@
|
||||
#include <netinet/in_systm.h>
|
||||
#include <net/if.h>
|
||||
#include <stdio.h>
|
||||
#if __FreeBSD_version >= 300000
|
||||
# include <net/if_var.h>
|
||||
#endif
|
||||
#include "kmem.h"
|
||||
#include "netinet/ip_compat.h"
|
||||
#include "ipf.h"
|
||||
@ -47,15 +50,17 @@ int opts;
|
||||
if (ips.is_p == IPPROTO_TCP)
|
||||
#if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
|
||||
(__FreeBSD_version >= 220000) || defined(__OpenBSD__)
|
||||
PRINTF("\t%hu -> %hu %x:%x %hu:%hu",
|
||||
PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d",
|
||||
ntohs(ips.is_sport), ntohs(ips.is_dport),
|
||||
ips.is_send, ips.is_dend,
|
||||
ips.is_maxswin, ips.is_maxdwin);
|
||||
ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
|
||||
ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
|
||||
#else
|
||||
PRINTF("\t%hu -> %hu %x:%x %hu:%hu",
|
||||
PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d",
|
||||
ntohs(ips.is_sport), ntohs(ips.is_dport),
|
||||
ips.is_send, ips.is_dend,
|
||||
ips.is_maxswin, ips.is_maxdwin);
|
||||
ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
|
||||
ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
|
||||
#endif
|
||||
else if (ips.is_p == IPPROTO_UDP)
|
||||
PRINTF(" %hu -> %hu", ntohs(ips.is_sport),
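Review bot: Both arms of the `#if defined(NetBSD) ... #else ... #endif` around the TCP line now hold the same `PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d", ...)` call as far as this page shows, so the conditional no longer selects anything and could be reduced to a single call. The new `%u` and `%d` conversions also need checking against the declared types of `ips.is_maxswin`/`ips.is_maxdwin` and `ips.is_swscale`/`ips.is_dwscale`, which are not visible here. Casting at the call site, `(u_int)(ips.is_maxswin >> ips.is_swscale), (int)ips.is_swscale`, would make the match explicit.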
|
||||
|
@ -4,7 +4,7 @@
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
|
||||
#pragma ident "@(#)$Id: solaris.c,v 2.15.2.29 2002/01/15 14:36:54 darrenr Exp $"
|
||||
#pragma ident "@(#)$Id: solaris.c,v 2.15.2.30 2002/04/23 14:57:51 darrenr Exp $"
|
||||
|
||||
#include <sys/systm.h>
|
||||
#include <sys/types.h>
|
||||
@ -1112,7 +1112,7 @@ mblk_t *mb;
|
||||
freemsg(mb);
|
||||
}
|
||||
RWLOCK_EXIT(&ipf_solaris);
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@ -1263,7 +1263,7 @@ mblk_t *mb;
|
||||
freemsg(mb);
|
||||
}
|
||||
RWLOCK_EXIT(&ipf_solaris);
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
@ -9,23 +9,27 @@ BINDEST=/usr/local/bin
|
||||
SBINDEST=/sbin
|
||||
MANDIR=/usr/share/man
|
||||
|
||||
tests: first 0 ftests ptests ntests nitests logtests
|
||||
tests: first 0 ftests ptests ntests nitests logtests ipv6 intests
|
||||
|
||||
first:
|
||||
-mkdir -p results
|
||||
|
||||
# Filtering tests
|
||||
ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16
|
||||
ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17
|
||||
|
||||
# Rule parsing tests
|
||||
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
|
||||
|
||||
ntests: n1 n2 n3 n4 n5 n6 n7
|
||||
|
||||
nitests: ni1 ni2
|
||||
nitests: ni1 ni2 ni3 ni4
|
||||
|
||||
intests: in1 in2 in3 in4
|
||||
|
||||
logtests: l1
|
||||
|
||||
ipv6: ipv6.1 ipv6.2
|
||||
|
||||
0:
|
||||
@(cd ..; make ipftest; )
|
||||
|
||||
@ -38,22 +42,33 @@ f12 f13:
|
||||
f15 f16:
|
||||
@/bin/sh ./mtest $@
|
||||
|
||||
f17:
|
||||
@/bin/sh ./mhtest $@
|
||||
|
||||
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
|
||||
@/bin/sh ./itest $@
|
||||
|
||||
n1 n2 n3 n4 n5 n6 n7:
|
||||
@/bin/sh ./nattest $@
|
||||
|
||||
ni1 ni2:
|
||||
ni1 ni2 ni3 ni4:
|
||||
@/bin/sh ./natipftest $@
|
||||
|
||||
in1 in2 in3 in4:
|
||||
@/bin/sh ./intest $@
|
||||
|
||||
l1:
|
||||
@/bin/sh ./logtest $@
|
||||
|
||||
ipv6.1 ipv6.2:
|
||||
@/bin/sh ./dotest6 $@
|
||||
|
||||
clean:
|
||||
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 f15 f16
|
||||
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 f15 f16 f17
|
||||
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
|
||||
/bin/rm -f n1 n2 n3 n4 n5 n6 n7
|
||||
/bin/rm -f ni1 ni2
|
||||
/bin/rm -f ni1 ni2 ni3 ni4
|
||||
/bin/rm -f in1 in2 in3 in4
|
||||
/bin/rm -f l1
|
||||
/bin/rm -f ipv6.1 ipv6.2
|
||||
/bin/rm -f results/*
|
||||
|
@ -1,6 +1,11 @@
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
@ -11,8 +16,13 @@ nomatch
|
||||
nomatch
|
||||
--------
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
@ -28,6 +38,11 @@ nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
@ -40,6 +55,11 @@ nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
@ -52,6 +72,11 @@ nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
@ -64,9 +89,31 @@ nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
--------
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
--------
|
||||
|
@ -1,49 +1,49 @@
|
||||
log in all
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
--------
|
||||
pass in on anon0 all head 100
|
||||
--------
|
||||
pass in log quick from 3.3.3.3 to any group 100
|
||||
--------
|
||||
pass in log body quick from 2.2.2.2 to any
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
--------
|
||||
pass in log quick proto tcp from 1.1.1.1 to any flags S keep state
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 00:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
--------
|
||||
pass in log first quick proto tcp from 1.1.1.1 to any flags S keep state
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
--------
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 10:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 00:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
--------
|
||||
|
@ -1,47 +1,47 @@
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
--------
|
||||
--------
|
||||
--------
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01 02 03 04 05 06 07 08 09 0a 0b 0d ............
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
--------
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 00:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
--------
|
||||
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
--------
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 10:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
|
||||
01/01/1970 00:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
|
||||
01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
|
||||
01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
|
||||
01 02 03 04 05 06 07 08 09 0a 0b 0d ............
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
|
||||
01 02 03 04 05 06 07 08 09 0a 0b 0d 0e 0f 40 61 ..............@a
|
||||
42 63 44 65 46 67 48 69 4a 6b 4c 6d BcDeFgHiJkLm
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
|
||||
01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
|
||||
--------
|
||||
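Review bot: The expected log lines in this hunk depend on the host timezone: each record appears once as `01/01/1970 10:00:00.000000` and once as `01/01/1970 00:00:00.000000`, which is epoch zero rendered in two different zones. The comparison therefore passes only on a machine whose zone matches the one the file was generated in. If the test driver (not visible on this page) does not already pin the zone, it should do so before the logging test runs, for example `TZ=GMT; export TZ`, or compare with the time-of-day field stripped. The file header row is missing from this rendering, so which file the hunk belongs to is inferred from its content.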
|
@ -1,6 +1,11 @@
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 S
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,24 SA
|
||||
in on e1 tcp 2.1.2.2,23 1.1.1.1,2 SA
|
||||
in on e1 tcp 2.1.2.2,23 1.1.1.1,1 SA
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,25 A
|
||||
in on e1 tcp 2.1.2.2,23 1.1.1.1,1 A
|
||||
in on e1 tcp 2.1.2.2,25 1.1.1.1,1 A
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 F
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in on e0 tcp 1.1.1.1,2 2.1.2.2,23 A
|
||||
|
@ -4,3 +4,4 @@ pass in proto udp from any to any port = 53 keep frags
|
||||
block in proto udp from any to any port = 53 keep frags
|
||||
pass in proto udp from any to any port = 53 keep state
|
||||
block in proto udp from any to any port = 53 keep state
|
||||
pass in on e0 proto tcp from any to any port = 25 keep state
|
||||
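Review bot: The TCP rule `pass in on e0 proto tcp from any to any port = 25 keep state` has no `flags S`, so any segment to port 25 matches it and can create a state entry, not only a connection-opening SYN. That is fine for a regression fixture, but fixture rules tend to get copied into real rulesets, where `flags S keep state` is the usual hardened form. A leading comment such as `# test fixture: state is created without "flags S" on purpose; do not reuse as-is` would make the intent explicit, provided the harness tolerates comment lines in rule files; if it feeds the file one line per run, the note belongs in the test documentation instead. The hunk counts (3 lines to 4) show one added rule, but this rendering does not mark which line it is.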
|