Bug 176347

Summary: [rc.conf] [patch] Add support for firewall deny lists (workstation type)
Product: Base System
Reporter: Noor Dawod <site.freebsd>
Component: conf
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open ---    
Severity: Affects Only Me    
Priority: Normal    
Version: 9.1-PRERELEASE   
Hardware: Any   
OS: Any   
Description Flags
file.diff none

Description Noor Dawod 2013-02-22 10:50:01 UTC
ipfw has a handy configuration section in rc.conf to ease firewalling. In the 'workstation' type, however, there is a way to allow full access for selected clients, but no way for denying it for others.

The attached patches would add that support. Since lists of IPs could grow big, I've opted to use files to host the list of addresses, as opposed to writing the list in rc.conf.

I've made it possible so that either all IP-related traffic is blocked, or specific TCP ports are blocked. The user can decide that easily via rc.conf.

Please pay attention that this supersedes pr=176344 which I had sent an hour ago; this PR adds support for selective TCP ports.

Fix: Patch attached with submission follows:
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2013-02-24 22:16:18 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 noor 2013-02-25 21:08:26 UTC
Hello again,

After reviewing the patch, I realise that a file may contain a whitespace delimiter, and not necessarily a space character.

As such, it'd be wiser to use -w instead of -d " " in 'cut' command to achieve that.
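
The delimiter problem raised in Comment 2, as an added example that is not part of the submitted patch or of rc.firewall: the deny-list layout (address first, then an optional note), the sample lines and all function names are assumptions made for illustration. It splits with the shell's own `read` rather than `cut -w`, since `-w` is not available in every `cut` implementation, and adds a loose character check on each token before it would reach a firewall rule.

```shell
# Constructed sample deny list (assumed layout: address, blanks, optional note).
# Line 1 uses a space, line 2 a tab, line 3 several spaces, line 4 is a comment.
sample_list() {
    printf '192.0.2.10 scanner\n'
    printf '198.51.100.0/24\tabusive-range\n'
    printf '203.0.113.7    note\n'
    printf '# comment line\n'
}

# Splits on one literal space only. A line that contains no space (the
# tab-delimited one) is passed through whole, tab and note included.
first_field_space() {
    cut -d ' ' -f 1
}

# Splits on any run of blanks (space or tab) using the shell's default IFS,
# and skips empty lines and lines starting with '#'.
first_field_blank() {
    while read -r addr _rest; do
        case "$addr" in
            ''|'#'*) continue ;;
        esac
        printf '%s\n' "$addr"
    done
}

# Loose IPv4/CIDR character check: digits, dots and '/' only.
# It catches a token that still carries a tab or note text; it is not a
# full address validator.
looks_like_ipv4() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit only tokens that pass the check; report the rest on stderr.
deny_addrs() {
    first_field_blank | while read -r tok; do
        if looks_like_ipv4 "$tok"; then
            printf '%s\n' "$tok"
        else
            printf 'skipping malformed entry: %s\n' "$tok" >&2
        fi
    done
}
```

Run `sample_list | first_field_space` next to `sample_list | deny_addrs` to see the tab-delimited entry leak its note in the first case and come out clean in the second.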

Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:34 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped