|
|
|
@ -1,6 +1,6 @@ |
|
|
|
#!/bin/sh - |
|
|
|
# |
|
|
|
# $OpenBSD: netstart,v 1.53 1999/12/09 14:22:38 itojun Exp $ |
|
|
|
# $OpenBSD: netstart,v 1.54 1999/12/31 04:32:53 itojun Exp $ |
|
|
|
|
|
|
|
# Returns true if $1 contains only alphanumerics |
|
|
|
isalphanumeric() { |
|
|
|
@ -43,6 +43,20 @@ ifconfig lo0 inet localhost |
|
|
|
route -n add -host $hostname localhost |
|
|
|
route -n add -net 127 127.0.0.1 -reject |
|
|
|
|
|
|
|
if ifconfig lo0 inet6 >/dev/null 2>&1; then |
|
|
|
# IPv6 configurations. |
|
|
|
ip6kernel=YES |
|
|
|
|
|
|
|
# disallow scoped unicast dest without outgoing scope identifiers. |
|
|
|
route add -inet6 fe80:: -prefixlen 10 ::1 -reject |
|
|
|
route add -inet6 fc80:: -prefixlen 10 ::1 -reject |
|
|
|
# disallow "internal" addresses to appear on the wire. |
|
|
|
route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject |
|
|
|
route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject |
|
|
|
else |
|
|
|
ip6kernel=NO |
|
|
|
fi |
|
|
|
|
|
|
|
# configure all of the non-loopback interfaces which we know about. |
|
|
|
# refer to hostname.if(5) and bridgename.if(5) |
|
|
|
for hn in /etc/hostname.*; do |
|
|
|
@ -157,14 +171,6 @@ EOF |
|
|
|
route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject;; |
|
|
|
esac |
|
|
|
|
|
|
|
# IPv6 configurations. |
|
|
|
# disallow scoped unicast dest without outgoing scope identifiers. |
|
|
|
route add -inet6 fe80:: -prefixlen 10 ::1 -reject |
|
|
|
route add -inet6 fc80:: -prefixlen 10 ::1 -reject |
|
|
|
# disallow "internal" addresses to appear on the wire. |
|
|
|
route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject |
|
|
|
route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject |
|
|
|
|
|
|
|
# Configure NAT after configuring network interfaces |
|
|
|
if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then |
|
|
|
echo 'configuring NAT' |
|
|
|
|
itojun
25 years ago