Bug 148656

Summary: rc.firewall(8): {oip} and {iip} variables in rc.firewall script undefined in FreeBSD 7.2 and 8.0
Product: Base System
Reporter: John J. Donohue <jdonohue>
Component: conf
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open ---
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description John J. Donohue 2010-07-16 00:10:01 UTC
Under FreeBSD versions up to 7.0, the oif, onet, omask, oip, iif, inet,
imask, and iip variables were explicitly defined in the SIMPLE segment
of rc.firewall, as in:

	# set these to your outside interface network and netmask and ip
	oif="xl0"
	onet="192.168.224.0"
	omask="255.255.255.0"
	oip="192.168.224.4"

	# set these to your inside interface network and netmask and ip
	iif="xl1"
	inet="192.168.240.0"
	imask="255.255.255.0"
	iip="192.168.240.1"

Under versions 7.2 and 8.0, oif, onet, iif, and inet are defined in
rc.conf:

firewall_simple_oif="xl0"
firewall_simple_onet="192.168.224.0/24"
firewall_simple_iif="xl1"
firewall_simple_inet="192.168.240.0/24"

and then substituted in the SIMPLE segment of rc.firewall:

	# Configuration:
	#  firewall_simple_iif:		Inside network interface.
	#  firewall_simple_inet:	Inside network address.
	#  firewall_simple_oif:		Outside network interface.
	#  firewall_simple_onet:	Outside network address.
	############

	# set these to your outside interface network
	oif="$firewall_simple_oif"
	onet="$firewall_simple_onet"

	# set these to your inside interface network
	iif="$firewall_simple_iif"
	inet="$firewall_simple_inet"

oip and iip are not defined, declared, or extracted anywhere and substitute
as a value of '0' in script statements such as

  ${fwcmd} add pass tcp from 192.168.240.0/24 to ${iip} 22 via ${iif} setup

which upon an 'ipfw show' lists as

   allow tcp from 192.168.240.0/24 to 0.0.0.22 via xl1 setup
                                      ^^^^^^^^
instead of

   allow tcp from 192.168.240.0/24 to 192.168.240.1 dst-port 22 via xl1 setup
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^
which was the original intent.

Fix: 

MY SOLUTION:

I added the following to /etc/rc.conf:

firewall_simple_oip="192.168.224.4"
firewall_simple_iip="192.168.240.1"

and the following to the SIMPLE segment of rc.firewall:

	# Configuration:
	#  firewall_simple_iif:		Inside network interface.
	#  firewall_simple_inet:	Inside network address.
-->	#  firewall_simple_iip:         Inside ip address.
	#  firewall_simple_oif:		Outside network interface.
	#  firewall_simple_onet:	Outside network address.
-->	#  firewall_simple_oip:         Outside ip address.
	############

	# set these to your outside interface network
	oif="$firewall_simple_oif"
	onet="$firewall_simple_onet"
-->	oip="$firewall_simple_oip"

	# set these to your inside interface network
	iif="$firewall_simple_iif"
	inet="$firewall_simple_inet"
-->	iip="$firewall_simple_iip"
How-To-Repeat: Run the default included /etc/rc.firewall script using /etc/rc.conf:firewall_type="SIMPLE" and using any active ipfw statements that include {oip} and/or {iip} variable references.
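The report describes two things worth seeing side by side: how an empty ${iip} changes the text of the rule that rc.firewall hands to ipfw, and the kind of guard that would have caught the missing variable before any rule was loaded. The script below is an added example; it is not code from the bug report or from FreeBSD's rc.firewall. fwcmd is a constructed stand-in that prints the rule instead of invoking /sbin/ipfw, is_ipv4 and check_simple_vars are hypothetical helper names, and the addresses are the ones quoted in the report.

```sh
#!/bin/sh
# Added example, not from the bug report or FreeBSD's rc.firewall.
# fwcmd is a constructed stand-in for /sbin/ipfw so the script runs anywhere.
fwcmd="echo"

# Render the SSH rule quoted in the report with a given iip value.
# With iip empty the unquoted expansion vanishes and the text becomes
# "... to 22 via xl1 setup"; ipfw then reads the bare "22" as the address
# 0.0.0.22, which is what 'ipfw show' displayed in the report.
render_ssh_rule() {
    _inet="$1"; _iip="$2"; _iif="$3"
    ${fwcmd} add pass tcp from "${_inet}" to ${_iip} 22 via "${_iif}" setup
}

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
# (Hypothetical helper; plain POSIX sh, no external tools.)
is_ipv4() {
    _v="$1"
    case "$_v" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs="$IFS"; IFS=.
    set -- $_v
    IFS="$_old_ifs"
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Guard for the SIMPLE section: every variable it substitutes must be set,
# including the two the report found missing (firewall_simple_oip and
# firewall_simple_iip), and the two host addresses must be IPv4 literals.
# Returns 1 and names the offenders instead of letting ipfw install a rule
# whose meaning differs from the administrator's intent.
check_simple_vars() {
    _missing=""
    for _name in firewall_simple_oif firewall_simple_onet firewall_simple_oip \
                 firewall_simple_iif firewall_simple_inet firewall_simple_iip; do
        eval _val=\"\${$_name:-}\"
        [ -n "$_val" ] || _missing="$_missing $_name"
    done
    for _name in firewall_simple_oip firewall_simple_iip; do
        eval _val=\"\${$_name:-}\"
        if [ -n "$_val" ] && ! is_ipv4 "$_val"; then
            _missing="$_missing $_name(not an IPv4 address)"
        fi
    done
    if [ -n "$_missing" ]; then
        echo "rc.firewall: refusing to load rules; unset or invalid:$_missing" >&2
        return 1
    fi
    return 0
}

# Constructed rc.conf values mirroring the report's example network.
firewall_simple_oif="xl0"; firewall_simple_onet="192.168.224.0/24"
firewall_simple_iif="xl1"; firewall_simple_inet="192.168.240.0/24"

echo "--- oip/iip unset (7.2 and 8.0 behaviour described in the report) ---"
render_ssh_rule "$firewall_simple_inet" "${firewall_simple_iip:-}" "$firewall_simple_iif"
check_simple_vars || echo "(guard stops here instead of loading the rule above)"

echo "--- with the reporter's rc.conf additions ---"
firewall_simple_oip="192.168.224.4"; firewall_simple_iip="192.168.240.1"
check_simple_vars && render_ssh_rule "$firewall_simple_inet" "$firewall_simple_iip" "$firewall_simple_iif"
```

The first run prints the rule with "to 22", the shape that ipfw turned into 0.0.0.22, and the guard rejects the configuration; the second run passes the guard and prints the rule with the intended inside address. The same guard would apply equally to oip wherever the script's rules reference it.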
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-07-16 17:21:32 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:55 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped