Attachment #9983 for bug #20197

View | Details | Raw Unified | Return to bug 20197
Collapse All | Expand All




	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

	# Change the natd rule to here, otherwise the RFC1918 rules might
	# kill valid packets made by natd
	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
		${fwcmd} delete 50
	      	${fwcmd} add divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac

	# Stop draft-manning-dsua-01.txt nets on the outside interface
	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}

Return to bug 20197

Lines 178-183 Link Here

(-)rc.firewall (+11 lines)
178	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}	178	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
179	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}	179	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
180		180
		181	# Change the natd rule to here, otherwise the RFC1918 rules might
		182	# kill valid packets made by natd
		183	case ${natd_enable} in
		184	[Yy][Ee][Ss])
		185	if [ -n "${natd_interface}" ]; then
		186	${fwcmd} delete 50
		187	${fwcmd} add divert natd all from any to any via ${natd_interface}
		188	fi
		189	;;
		190	esac
		191
181	# Stop draft-manning-dsua-01.txt nets on the outside interface	192	# Stop draft-manning-dsua-01.txt nets on the outside interface
182	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}	193	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
183	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}	194	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}