Attachment 5933 Details for Bug 13769 – p

p (text/plain; charset=us-ascii), 1.53 KB, created by Ruslan Ermilov on 1999-09-16 11:49:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ruslan Ermilov

Created: 1999-09-16 11:49:29 UTC

Size: 1.53 KB

patch

obsolete

>Index: rc.firewall
>===================================================================
>RCS file: /usr/FreeBSD-CVS/src/etc/rc.firewall,v
>retrieving revision 1.19.2.2
>diff -u -r1.19.2.2 rc.firewall
>--- rc.firewall	1999/08/29 14:18:55	1.19.2.2
>+++ rc.firewall	1999/09/16 10:23:24
>@@ -66,7 +66,10 @@
> # will then be run again on each packet after translation by natd,
> # minus any divert rules (see natd(8)).
> if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
>-        $fwcmd add divert natd all from any to any via ${natd_interface}
>+        $fwcmd add 50 divert natd all from any to any via ${natd_interface}
>+	_natd_enabled="YES"
>+else
>+	_natd_enabled=""
> fi
> 
> ############
>@@ -152,11 +155,11 @@
> 
>     # Stop RFC1918 nets on the outside interface
>     $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
>-    $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
>+    $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 ${_natd_enabled:+out} via ${oif}
>     $fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
>-    $fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
>+    $fwcmd add deny all from any to 172.16.0.0:255.240.0.0 ${_natd_enabled:+out} via ${oif}
>     $fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
>-    $fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}
>+    $fwcmd add deny all from any to 10.0.0.0:255.0.0.0 ${_natd_enabled:+out} via ${oif}
> 
>     # Allow TCP through if setup succeeded
>     $fwcmd add pass tcp from any to any established

Actions: View

Attachments on bug 13769: 5932 | 5933