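--- a/rc.firewall
+++ b/rc.firewall
@@ -1,26 +1,23 @@
 ############
 # Setup system for firewall service.
-# $Id$
+# $Id: rc.firewall,v 1.8 1997/02/23 09:20:47 peter Exp $
 
 ############
 #
 # >>Warning<<
 # This file is not very old yet, and have been put together without much
 # testing of the contents.
 
 # Set this to be the type of firewall you want: open, client, simple or NONE.
 # ``open'' will allow anyone in, ``client'' will try to protect just one
 # machine and ``simple'' will try to protect a whole network (entries should
 # be customized appropriately below). To let no one in, use NONE.
 
-firewall_type=NONE
-
-
 ############
 #
 # If you don't know enough about packet filtering, we suggest that you
 # take time to read this book:
 #
 # Building Internet Firewalls
 # Brent Chapman and Elizabeth Zwicky
 #
@@ -50,21 +47,21 @@
 # /sbin/ipfw add 65000 pass all from any to any
 
 ############
 # Only in rare cases do you want to change this rule
 /sbin/ipfw add 1000 pass all from 127.0.0.1 to 127.0.0.1
 
 
 # Prototype setups.
-if [ "${firewall_type}" = "open" ]; then
+if [ "${firewall}" = "open" ]; then
 
  /sbin/ipfw add 65000 pass all from any to any
 
-elif [ "${firewall_type}" = "client" ]; then
+elif [ "${firewall}" = "client" ]; then
 
  ############
  # This is a prototype setup that will protect your system somewhat against
  # people from outside your own network.
  ############
 
  # set these to your network and netmask and ip
  net="192.168.4.0"
@@ -92,17 +89,17 @@
  /sbin/ipfw add pass udp from ${ip} to any 53
 
  # Allow NTP queries out in the world
  /sbin/ipfw add pass udp from any 123 to ${ip}
  /sbin/ipfw add pass udp from ${ip} to any 123
 
  # Everyting else is denied as default.
 
-elif [ "${firewall_type}" = "simple" ]; then
+elif [ "${firewall}" = "simple" ]; then
 
  ############
  # This is a prototype setup for a simple firewall. Configure this machine
  # as a named server and ntp server, and point all the machines on the inside
  # at this machine for those services.
  ############
 
  # set these to your outside interface network and netmask and ip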
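Review bot: The tests on new lines 55, 59 and 97 now read `${firewall}`, but this change deletes the file's only assignment (`firewall_type=NONE`) and nothing visible sets `firewall`. If the caller leaves it unset or misspells the value, no visible branch matches, and the resulting policy depends on the hidden tail of the chain and on the kernel's default rule. The comment on new lines 11–14 still says "Set this to be the type of firewall you want", although there is no longer anything below it to set. I would reword it to say where the value comes from, e.g. `# ${firewall} must be set by the caller before this script runs: open, client, simple or NONE.`, and pin a fail-closed default ahead of the chain with `firewall=${firewall:-NONE}`. The if/elif chain continues past the last visible line, so an existing fallback branch may already cover part of this.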