
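--- a/rc.firewall
+++ b/rc.firewall
@@ -233,19 +233,5 @@
 		;;
 	esac
 
-	# Stop RFC1918 nets on the outside interface
-	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
-	${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
-	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
-
-	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
-	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
-	# on the outside interface
-	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
-	${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
-	${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
-	${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
-	${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
-
 	# Allow TCP through if setup succeeded
 	${fwcmd} add pass tcp from any to any established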
