1,3c1
< ############
< # Setup system for firewall service.
< # $FreeBSD: head/release/picobsd/floppy.tree/etc/rc.firewall 50479 1999-08-28 01:35:59Z peter $
---
> # $FreeBSD: head/release/picobsd/floppy.tree/etc/rc.firewall 91853 2002-03-08 05:15:08Z luigi $
5,6c3,10
< ############
< # Define the firewall type in /etc/rc.conf. Valid values are:
---
> # Setup system for firewall service, with some sample configurations.
> # Select one using ${firewall_type} which you can set in /etc/rc.conf.local.
> #
> # If you override this file with your own copy, you can use ${hostname}
> # as the key for the case statement. On entry, the firewall will be flushed
> # and $fwcmd will point to the appropriate command (usually /sbin/ipfw)
> #
> # Sample configurations are:
8,9c12,13
< # client - will try to protect just this machine
< # simple - will try to protect a whole network
---
> # client - will try to protect just this machine (should be customized).
> # simple - will try to protect a whole network (should be customized).
14,15d17
< # For ``client'' and ``simple'' the entries below should be customized
< # appropriately.
18,64d19
< #
< # If you don't know enough about packet filtering, we suggest that you
< # take time to read this book:
< #
< # Building Internet Firewalls
< # Brent Chapman and Elizabeth Zwicky
< #
< # O'Reilly & Associates, Inc
< # ISBN 1-56592-124-0
< # http://www.ora.com/
< #
< # For a more advanced treatment of Internet Security read:
< #
< # Firewalls & Internet Security
< # Repelling the wily hacker
< # William R. Cheswick, Steven M. Bellowin
< #
< # Addison-Wesley
< # ISBN 0-201-6337-4
< # http://www.awl.com/
< #
<
< if [ "x$1" != "x" ]; then
< firewall_type=$1
< fi
<
< ############
< # Set quiet mode if requested
< if [ "x$firewall_quiet" = "xYES" ]; then
< fwcmd="/sbin/ipfw -q"
< else
< fwcmd="/sbin/ipfw"
< fi
<
< ############
< # Flush out the list before we begin.
< $fwcmd -f flush
<
< ############
< # If you just configured ipfw in the kernel as a tool to solve network
< # problems or you just want to disallow some particular kinds of traffic
< # they you will want to change the default policy to open. You can also
< # do this as your only action by setting the firewall_type to ``open''.
<
< # $fwcmd add 65000 pass all from any to any
<
< ############
71c26,29
< if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then
---
> case "${firewall_type}" in
> open|OPEN)
> $fwcmd add 65000 pass all from any to any
> ;;
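Review bot: Every `$fwcmd add …` line in the new `case` now depends on the caller having set `fwcmd`, because the 18,64 hunk removes the assignment and the flush from this file. If the script is run or sourced on its own with `fwcmd` unset, this line expands to a bare `add 65000 pass all from any to any` and no rule is installed. A default placed before the `case`, such as `: "${fwcmd:=/sbin/ipfw}"`, would keep the file usable standalone without changing the normal path. The `case` statement continues outside this hunk.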
73c31
< $fwcmd add 65000 pass all from any to any
---
> client)
75,76d32
< elif [ "${firewall_type}" = "client" ]; then
<
111a68,69
> $fwcmd add 65000 deny all from any to any
> ;;
113c71
< elif [ "${firewall_type}" = "simple" ]; then
---
> simple)
168a127,128
> $fwcmd add 65000 deny all from any to any
> ;;
170c130,135
< elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then
---
> UNKNOWN|"")
> echo "WARNING: firewall rules not loaded."
> ;;
>
> *) # an absolute pathname ?
> if [ -f "${firewall_type}" ] ; then
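Review bot: The `*)` arm is commented as handling an absolute pathname, but `[ -f "${firewall_type}" ]` accepts any name, so a relative value is resolved against the working directory of whatever invoked the script. Since the file is then used as the firewall ruleset, matching the arm on `/*)` and sending every other value to the warning would make the code agree with its comment. The test also changed from `-r` to `-f`, so a file that exists but cannot be read now skips the warning and fails at load time; `[ -f "${firewall_type}" ] && [ -r "${firewall_type}" ]` keeps both checks. The body of the `if` is on an unchanged line outside this hunk.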
172c137,142
< fi
---
> else
> echo "WARNING: firewall config script (${firewall_type}) not found,"
> echo " firewall rules not loaded."
> fi
> ;;
> esac
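Review bot: Both warning paths, the `UNKNOWN|"")` arm and this `else`, leave the ruleset empty after the flush that the new header comment describes, so the resulting policy is whatever the kernel's default rule is. On a kernel built to accept by default that would presumably be fail-open, with only a message on stdout to show for it. Sending the warnings to stderr (`echo "WARNING: firewall rules not loaded." >&2`) and adding a comment such as `# no rules loaded: traffic is governed by the kernel default rule only` would make that state visible to whoever reads the boot log or the script. If fail-closed is intended, these arms could add the same `$fwcmd add 65000 deny all from any to any` that the `client` and `simple` arms gain in this change.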