FreeBSD Bugzilla – Attachment 9985 Details for Bug 20197: rc.firewall with firewall_type=simple doesn't work with natd
ddd (text/plain; charset=us-ascii), 1.24 KB, created by Stephen Montgomery-Smith on 2000-07-26 23:38:53 UTC
>--- /usr/etc-chg/4.0158/etc/rc.firewall Sat Jul 15 19:31:58 2000 >+++ rc.firewall-default Wed Jul 26 17:35:27 2000 >@@ -171,12 +171,25 @@ > ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} > > # Stop RFC1918 nets on the outside interface >- ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} > ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} >- ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} > ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} >- ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} > ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} >+ >+ # Change the natd rule to here, otherwise the RFC1918 >+ # rules might kill valid packets made by natd >+ case ${natd_enable} in >+ [Yy][Ee][Ss]) >+ if [ -n "${natd_interface}" ]; then >+ ${fwcmd} delete 50 >+ ${fwcmd} add divert natd all from any to any via ${natd_interface} >+ fi >+ ;; >+ esac >+ >+ # Stop RFC1918 nets on the outside interface >+ ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} >+ ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} >+ ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} > > # Stop draft-manning-dsua-01.txt nets on the outside interface > ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
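Review bot: `${fwcmd} delete 50` in the added natd block hard-codes a rule number that nothing in this hunk establishes, so it depends on the divert rule having been installed earlier as rule 50 and will fail or remove an unrelated rule if that numbering ever changes; consider skipping the earlier divert for this firewall type instead, or at least add a comment stating that 50 is the divert rule added earlier in the script. The re-added divert matches `via ${natd_interface}` while the surrounding RFC1918 rules match `via ${oif}`, so the reordering only helps when both variables name the same interface, which deserves a check or a comment. The comment `# Stop RFC1918 nets on the outside interface` now appears twice; rewording the two so that the first says it filters by destination before the divert and the second says it filters by source after it would document why the rules were split.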