Browse Source

install IPv6 reject routes only if kernel is capable of IPv6.

OPENBSD_2_7
itojun 25 years ago
parent
commit
7792f17d05
1 changed files with 15 additions and 9 deletions
  1. +15
    -9
      src/etc/netstart

+ 15
- 9
src/etc/netstart View File

@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $OpenBSD: netstart,v 1.53 1999/12/09 14:22:38 itojun Exp $
# $OpenBSD: netstart,v 1.54 1999/12/31 04:32:53 itojun Exp $
# Returns true if $1 contains only alphanumerics # Returns true if $1 contains only alphanumerics
isalphanumeric() { isalphanumeric() {
@ -43,6 +43,20 @@ ifconfig lo0 inet localhost
route -n add -host $hostname localhost route -n add -host $hostname localhost
route -n add -net 127 127.0.0.1 -reject route -n add -net 127 127.0.0.1 -reject
if ifconfig lo0 inet6 >/dev/null 2>&1; then
# IPv6 configurations.
ip6kernel=YES
# disallow scoped unicast dest without outgoing scope identifiers.
route add -inet6 fe80:: -prefixlen 10 ::1 -reject
route add -inet6 fc80:: -prefixlen 10 ::1 -reject
# disallow "internal" addresses to appear on the wire.
route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
else
ip6kernel=NO
fi
# configure all of the non-loopback interfaces which we know about. # configure all of the non-loopback interfaces which we know about.
# refer to hostname.if(5) and bridgename.if(5) # refer to hostname.if(5) and bridgename.if(5)
for hn in /etc/hostname.*; do for hn in /etc/hostname.*; do
@ -157,14 +171,6 @@ EOF
route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject;; route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject;;
esac esac
# IPv6 configurations.
# disallow scoped unicast dest without outgoing scope identifiers.
route add -inet6 fe80:: -prefixlen 10 ::1 -reject
route add -inet6 fc80:: -prefixlen 10 ::1 -reject
# disallow "internal" addresses to appear on the wire.
route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
# Configure NAT after configuring network interfaces # Configure NAT after configuring network interfaces
if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then
echo 'configuring NAT' echo 'configuring NAT'


Loading…
Cancel
Save