Bug 176347 - [rc.conf] [patch] Add support for firewall deny lists (workstation type)
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: 9.1-PRERELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2013-02-22 10:50 UTC by Noor Dawod
Modified: 2018-01-03 05:16 UTC

file.diff (2.81 KB, patch)
2013-02-22 10:50 UTC, Noor Dawod

Description Noor Dawod 2013-02-22 10:50:01 UTC
ipfw has a handy configuration section in rc.conf to ease firewalling. In the 'workstation' type, however, there is a way to allow full access for selected clients, but no way of denying it for others.

The attached patches would add that support. Since lists of IPs could grow big, I've opted to use files to host the list of addresses, as opposed to writing the list in rc.conf.

I've made it possible so that either all IP-related traffic is blocked, or specific TCP ports are blocked. The user can decide that easily via rc.conf.

Please pay attention that this supersedes pr=176344 which I had sent an hour ago; this PR adds support for selective TCP ports.

Fix: Patch attached with submission follows:
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2013-02-24 22:16:18 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 noor 2013-02-25 21:08:26 UTC
Hello again,

After reviewing the patch, I realise that a file may contain a whitespace delimiter, and not necessarily a space character.

As such, it'd be wiser to use -w instead of -d " " in 'cut' command to achieve that.
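
The delimiter problem raised in Comment 2, as an added example that is not part of the original comment or of the attached patch: it compares `cut -d " "` with the shell's own whitespace splitting on a tab-delimited line, then reads a deny list and prints (does not run) one `ipfw` command per valid entry. The file format (`ADDRESS [PORTS]` per line, IPv4 only), the function names and the sample addresses are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example. Hypothetical deny-list format: "ADDRESS [PORTS]" per line,
# fields separated by spaces and/or tabs, '#' starts a comment line.

# Naive extraction: a literal space is the only delimiter, so a
# tab-separated line comes back whole.
first_field_space() {
    printf '%s\n' "$1" | cut -d ' ' -f 1
}

# Whitespace-aware extraction using the shell's default IFS (space, tab,
# newline). Runs in a subshell so 'set -f' does not leak to the caller.
first_field_ws() (
    set -f
    set -- $1
    printf '%s\n' "$1"
)

# Read a deny list on stdin and print (not run) one ipfw command per entry.
# Entries are validated because the text would end up in a root shell.
deny_rules() {
    while read -r addr ports _rest || [ -n "$addr" ]; do
        case "$addr" in
            ''|'#'*) continue ;;
            *[!0-9./]*)
                printf 'skipping bad address: %s\n' "$addr" >&2; continue ;;
        esac
        case "$ports" in
            ''|'#'*) printf 'ipfw add deny ip from %s to me\n' "$addr" ;;
            *[!0-9,-]*)
                printf 'skipping bad port list: %s\n' "$ports" >&2 ;;
            *) printf 'ipfw add deny tcp from %s to me %s\n' "$addr" "$ports" ;;
        esac
    done
}

# Constructed sample input: tab-delimited, space-padded, and hostile lines.
sample_list() {
    printf '# constructed sample\n192.0.2.10\t22,80\n'
    printf '198.51.100.0/24\n  203.0.113.5   443  \n'
    printf '%s\n' '$(id) 22' '192.0.2.11 22;reboot'
}

sample_list | deny_rules
```

The two hostile sample lines are reported on stderr and produce no rule, which is the behaviour wanted from any list that feeds a firewall script run as root.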

Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:34 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped