
automatically populate net.inet.(tcp|udp).baddynamic with the

contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.
Note that this requires a new kernel and /sbin/sysctl.
feedback markus@ ok markus@ deraadt@ millert@
OPENBSD_4_4
djm 16 years ago
664640fdd4
1 changed files with 33 additions and 1 deletions
  1. +33
    -1
      src/etc/rc

+ 33
- 1
src/etc/rc View File

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.317 2008/06/15 04:49:34 sturm Exp $
# $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
# System startup script run by init on autoboot # System startup script run by init on autoboot
# or after single-user. # or after single-user.
@ -116,6 +116,34 @@ random_seed()
fi fi
} }
fill_baddynamic()
{
local _service="$1"
local _sysctl="net.inet.${_service}.baddynamic"
local _name _port _srv _junk _ban
local _i=0
grep "/${_service}" /etc/services | {
IFS=" /"
while read _name _port _srv _junk; do
[ "x${_srv}" = "x${_service}" ] || continue;
if [ "x${_ban}" = "x" ]; then
_ban="+${_port}"
else
_ban="${_ban},+${_port}"
fi
# Flush before argv gets too long
if [ $((++_i)) -gt 128 ]; then
sysctl ${_sysctl}=${_ban} >/dev/null
_ban=""
_i=0
fi
done;
if [ "x${_ban}" != "x" ]; then
sysctl ${_sysctl}=${_ban} >/dev/null
fi
}
}
# End subroutines # End subroutines
stty status '^T' stty status '^T'
@ -253,6 +281,10 @@ if [ X"${pf}" != X"NO" ]; then
pfctl -e pfctl -e
fi fi
# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services
fill_baddynamic udp
fill_baddynamic tcp
sysctl_conf sysctl_conf
# set hostname, turn on network # set hostname, turn on network
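Review bot: The `_port` token read from /etc/services is appended to `_ban` and handed to `sysctl ${_sysctl}=${_ban}` without any check that it is a number, so a malformed line, or a commented-out entry whose third field still equals the service (`#name port/proto`), reaches sysctl, and one bad token can make sysctl reject the whole batch of up to 128 ports accumulated since the last flush. Two guards after the `_srv` test, `case "${_name}" in "#"*) continue ;; esac` and `case "${_port}" in ""|*[!0-9]*) continue ;; esac`, drop both kinds of line before they reach sysctl; `read -r` would also keep a backslash in a line from being interpreted. The `IFS=" /"` assignment should be compared with the committed file, since /etc/services is tab-separated and the rendering here may have dropped a literal tab from that string. The whole of fill_baddynamic lies within this hunk.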

