rc.firewall (201193) | rc.firewall (201752) |
---|---|
1#!/bin/sh - 2# Copyright (c) 1996 Poul-Henning Kamp 3# All rights reserved. 4# 5# Redistribution and use in source and binary forms, with or without 6# modification, are permitted provided that the following conditions 7# are met: 8# 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24# SUCH DAMAGE. 25# | 1#!/bin/sh - 2# Copyright (c) 1996 Poul-Henning Kamp 3# All rights reserved. 4# 5# Redistribution and use in source and binary forms, with or without 6# modification, are permitted provided that the following conditions 7# are met: 8# 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24# SUCH DAMAGE. 25# |
26# $FreeBSD: head/etc/rc.firewall 201193 2009-12-29 11:27:51Z ume $ | 26# $FreeBSD: head/etc/rc.firewall 201752 2010-01-07 17:46:25Z ume $ |
27# 28 29# 30# Setup system for ipfw(4) firewall service. 31# 32 33# Suck in the configuration variables. 34if [ -z "${source_rc_confs_defined}" ]; then --- 465 unchanged lines hidden (view full) --- 500 # still in use. 501 ${fwcmd} add pass icmp from any to any icmptype 8 502 if [ $ipv6_available -eq 0 ]; then 503 ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 504 fi 505 506 # Allow "mandatory" ICMP in. 507 ${fwcmd} add pass icmp from any to any icmptype 3,4,11 | 27# 28 29# 30# Setup system for ipfw(4) firewall service. 31# 32 33# Suck in the configuration variables. 34if [ -z "${source_rc_confs_defined}" ]; then --- 465 unchanged lines hidden (view full) --- 500 # still in use. 501 ${fwcmd} add pass icmp from any to any icmptype 8 502 if [ $ipv6_available -eq 0 ]; then 503 ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 504 fi 505 506 # Allow "mandatory" ICMP in. 507 ${fwcmd} add pass icmp from any to any icmptype 3,4,11 |
508 | 508 if [ $ipv6_available -eq 0 ]; then 509 ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 510 fi 511 |
509 # Add permits for this workstations published services below 510 # Only IPs and nets in firewall_allowservices is allowed in. 511 # If you really wish to let anyone use services on your 512 # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf 513 # 514 # Note: We don't use keep-state as that would allow DoS of 515 # our statetable. 516 # You can add 'keep-state' to the lines for slightly --- 61 unchanged lines hidden --- | 512 # Add permits for this workstations published services below 513 # Only IPs and nets in firewall_allowservices is allowed in. 514 # If you really wish to let anyone use services on your 515 # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf 516 # 517 # Note: We don't use keep-state as that would allow DoS of 518 # our statetable. 519 # You can add 'keep-state' to the lines for slightly --- 61 unchanged lines hidden --- |