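--- a/rc.firewall
+++ b/rc.firewall
@@ -1,11 +1,11 @@
 ############
 # Setup system for firewall service.
-# $Id: rc.firewall,v 1.6.2.1 1997/04/26 22:39:34 jkh Exp $
+# $Id: rc.firewall,v 1.11 1997/05/03 11:22:17 jkh Exp $
 
 ############
 #
 # >>Warning<<
 # This file is not very old yet, and have been put together without much
 # testing of the contents.
 
 # Set this to be the type of firewall you want: open, client, simple or NONE.
@@ -18,25 +18,27 @@
 # If you don't know enough about packet filtering, we suggest that you
 # take time to read this book:
 #
 # Building Internet Firewalls
 # Brent Chapman and Elizabeth Zwicky
 #
 # O'Reilly & Associates, Inc
 # ISBN 1-56592-124-0
+# http://www.ora.com/
 #
 # For a more advanced treatment of Internet Security read:
 #
 # Firewalls & Internet Security
 # Repelling the wily hacker
 # William R. Cheswick, Steven M. Bellowin
 #
 # Addison-Wesley
 # ISBN 0-201-6337-4
+# http://www.awl.com/
 #
 
 ############
 # Flush out the list before we begin.
 /sbin/ipfw -f flush
 
 ############
 # If you just configured ipfw in the kernel as a tool to solve network
@@ -87,17 +89,17 @@
  # Allow DNS queries out in the world
  /sbin/ipfw add pass udp from any 53 to ${ip}
  /sbin/ipfw add pass udp from ${ip} to any 53
 
  # Allow NTP queries out in the world
  /sbin/ipfw add pass udp from any 123 to ${ip}
  /sbin/ipfw add pass udp from ${ip} to any 123
 
- # Everyting else is denied as default.
+ # Everything else is denied as default.
 
 elif [ "${firewall}" = "simple" ]; then
 
  ############
  # This is a prototype setup for a simple firewall. Configure this machine
  # as a named server and ntp server, and point all the machines on the inside
  # at this machine for those services.
  ############
@@ -144,11 +146,14 @@
  # Allow DNS queries out in the world
  /sbin/ipfw add pass udp from any 53 to ${oip}
  /sbin/ipfw add pass udp from ${oip} to any 53
 
  # Allow NTP queries out in the world
  /sbin/ipfw add pass udp from any 123 to ${oip}
  /sbin/ipfw add pass udp from ${oip} to any 123
 
- # Everyting else is denied as default.
-fi
+ # Everything else is denied as default.
 
+elif [ "${firewall}" != "NONE" -a -r "${firewall}" ]; then
+
+ /sbin/ipfw ${firewall}
+fi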
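Review bot: The added `elif` branch at the end of the section hands `${firewall}` to `/sbin/ipfw` unquoted and after only a `-r` readability test, so a value containing whitespace is split into several ipfw arguments and a relative name is resolved against whatever directory the script runs in. Quote the argument, `/sbin/ipfw "${firewall}"`, and add a comment stating that the value must be an absolute path to a root-owned file that other users cannot write, because its contents become the packet filter. The test joins two conditions with `-a`, which `[` can misparse for some operand values; `[ "${firewall}" != "NONE" ] && [ -r "${firewall}" ]` avoids that. A value that is neither a known type nor a readable file still falls through without a message after the `ipfw -f flush` near the top, leaving only whatever rules the hidden lines and the kernel default provide, so an `else` that echoes a warning naming the value would make a typo visible at boot. The `if` this branch belongs to starts in lines the page hides.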