
added IP filter to netstat/rc and put examples in /usr/share/ipf

OPENBSD_2_0
dm 29 years ago
parent
commit
f3263fa32a
3 changed files with 25 additions and 0 deletions
  1. +9
    -0
      src/etc/ipf.rules
  2. +12
    -0
      src/etc/netstart
  3. +4
    -0
      src/etc/rc

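--- a/src/etc/ipf.rules
+++ b/src/etc/ipf.rules
@@ -0,0 +1,9 @@
+#
+# IP filtering rules. See the ipf(5) man page for more
+# information on the format of this file, and /usr/share/ipf
+# for example configuration files.
+#
+# Pass all packets by default.
+#
+pass in from any to any
+pass out from any to any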
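Review bot: The shipped ruleset is permit-all in both directions, so setting `ipfilter=YES` with this file turns the filter on without restricting any traffic. The header does say "Pass all packets by default", but an administrator who only flips the switch in netstart may assume some protection is in place. I would add a line such as `# These rules filter nothing; replace them before relying on ipfilter=YES.` above the two `pass` rules.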

+ 12
- 0
src/etc/netstart

@ -20,12 +20,15 @@ nfs_client=NO
gated=NO gated=NO
kerberos_server=NO kerberos_server=NO
amd=NO amd=NO
ipfilter=NO
# miscellaneous other flags # miscellaneous other flags
# only used if the appropriate server is marked YES above # only used if the appropriate server is marked YES above
gated_flags= gated_flags=
amd_dir=/amd # AMD's mount directory amd_dir=/amd # AMD's mount directory
amd_master=/etc/amd/master # AMD 'master' map amd_master=/etc/amd/master # AMD 'master' map
ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering
ipmon_flags=-s # To disable logging, use ipmon_flags=NO
# /etc/myname contains my symbolic name # /etc/myname contains my symbolic name
# #
@ -35,6 +38,15 @@ if [ -f /etc/defaultdomain ]; then
domainname `cat /etc/defaultdomain` domainname `cat /etc/defaultdomain`
fi fi
# Configure the IP filter before configuring network interfaces
#
if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
echo 'configuring IP filter'
ipf -Fa -f ${ipfilter_rules} -E
else
ipfilter=NO
fi
# configure all of the interfaces which we know about. # configure all of the interfaces which we know about.
# do this by reading /etc/hostname.* files, where * is the name # do this by reading /etc/hostname.* files, where * is the name
# of a given interface. # of a given interface.
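Review bot: Both failure paths of the new "Configure the IP filter" block in the second hunk leave the host unfiltered without telling the operator. When `ipfilter=YES` but `${ipfilter_rules}` does not exist, the `else` branch silently resets `ipfilter=NO`. When `ipf -Fa -f ${ipfilter_rules} -E` fails after the flush (for instance on a rule syntax error), its exit status is ignored, the interfaces are still configured, and `ipfilter` stays `YES`, so the rc hunk in this commit starts ipmon anyway. I would separate the two conditions, print a warning in each case and quote the rules path. Whether boot should continue at all after a failed load is a policy call for the maintainers.

```shell
if [ X"${ipfilter}" = X"YES" ]; then
	if [ -f "${ipfilter_rules}" ]; then
		echo 'configuring IP filter'
		ipf -Fa -f "${ipfilter_rules}" -E ||
			echo "WARNING: ipf could not load ${ipfilter_rules}"
	else
		echo "WARNING: ${ipfilter_rules} not found; IP filter not enabled"
		ipfilter=NO
	fi
else
	ipfilter=NO
fi
```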


+ 4
- 0
src/etc/rc

@ -80,6 +80,10 @@ echo 'starting network'
mount /usr >/dev/null 2>&1 mount /usr >/dev/null 2>&1
mount /var >/dev/null 2>&1 mount /var >/dev/null 2>&1
if [ X"${ipfilter}" = X"YES" -a X"${ipmon_flags}" != X"NO" ]; then
ipmon ${ipmon_flags} &
fi
# clean up left-over files # clean up left-over files
rm -f /etc/nologin rm -f /etc/nologin
rm -f /var/spool/lock/LCK.* rm -f /var/spool/lock/LCK.*
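Review bot: The ipmon start-up block has no comment, and nothing in this hunk shows where `ipfilter` and `ipmon_flags` come from. They are defined in netstart in this same commit, so rc presumably relies on having read that file earlier. I would add `# start ipmon logging; ipfilter and ipmon_flags are set in /etc/netstart` above the `if`. The comment should also say that only the literal value `NO` disables logging, since an empty `ipmon_flags=` passes the test and runs `ipmon` with no flags at all.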

