Changeset 8312 for 2.0/nanobsd
- Timestamp:
- Aug 11, 2010, 8:40:26 PM (14 years ago)
- File:
-
- 1 edited
2.0/nanobsd/nanobsd/files/etc/ipfw.sh
r8026 r8312 1 #!/bin/sh - 2 # Based on /etc/rc.firewall 3 4 # Suck in the configuration variables. 5 if [ -z "${source_rc_confs_defined}" ]; then 6 if [ -r /etc/defaults/rc.conf ]; then 7 . /etc/defaults/rc.conf 8 source_rc_confs 9 elif [ -r /etc/rc.conf ]; then 10 . /etc/rc.conf 11 fi 12 fi 13 14 setup_loopback () { 15 ############ 16 # Only in rare cases do you want to change these rules 17 # 18 ${fwcmd} add 100 pass all from any to any via lo0 19 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 20 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any 21 } 22 23 ############ 24 # Set quiet mode if requested 25 # 26 case ${firewall_quiet} in 27 [Yy][Ee][Ss]) 28 fwcmd="/sbin/ipfw -q" 29 ;; 30 *) 31 fwcmd="/sbin/ipfw" 32 ;; 33 esac 34 35 ############ 36 # Flush out the list before we begin. 37 # 38 ${fwcmd} -f flush 39 40 setup_loopback 41 42 ############ 43 44 # By default no firewalling 45 ${fwcmd} add 65000 pass all from any to any 46 47 48 ############ 49 # Inbound NAT setup 50 ${fwcmd} add nat 100 all from any to 172.16.0.0/12 via $internalif 51 ${fwcmd} nat 100 config if $internalif 52 53 ############ 54 # Transproxy/WLportal/Captive portal 55 # ${fwcmd} add 10000 allow tcp from any to localhost 80 56 # ${fwcmd} add 10001 allow tcp from any to me 80 57 58 ############ 59 # Reserved: WLPortal rule numbers 60 # 10010 - 10099 61 62 # Forward rules work without a base address, so needed a loop over all inet4 adresses 63 # for IP in `ifconfig -a | awk '/inet / {print $2}'`; do 64 # ${fwcmd} add 10100 fwd $IP,8081 tcp from any to not 172.16.0.0/12 80 65 # done 1 #!/bin/sh - 2 # Based on /etc/rc.firewall 3 4 # Suck in the configuration variables. 5 if [ -z "${source_rc_confs_defined}" ]; then 6 if [ -r /etc/defaults/rc.conf ]; then 7 . /etc/defaults/rc.conf 8 source_rc_confs 9 elif [ -r /etc/rc.conf ]; then 10 . 
/etc/rc.conf 11 fi 12 fi 13 14 setup_loopback () { 15 ############ 16 # Only in rare cases do you want to change these rules 17 # 18 ${fwcmd} add 100 pass all from any to any via lo0 19 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 20 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any 21 } 22 23 ############ 24 # Set quiet mode if requested 25 # 26 case ${firewall_quiet} in 27 [Yy][Ee][Ss]) 28 fwcmd="/sbin/ipfw -q" 29 ;; 30 *) 31 fwcmd="/sbin/ipfw" 32 ;; 33 esac 34 35 ########### 36 # Set Internal/External Interface 37 # 38 driver=`echo ${internalif} | sed 's/[0-9]*//g'` 39 seq=`echo ${internalif} | sed 's/[a-zA-Z]*//g'` 40 41 if [ ${seq} = 0 ]; then 42 seq=`expr ${seq} \+ 1` 43 else 44 seq=`expr ${seq} \- 1` 45 fi 46 47 externalif="$driver$seq" 48 49 ############ 50 # Flush out the list before we begin. 51 # 52 ${fwcmd} -f flush 53 54 setup_loopback 55 56 ############ 57 58 ############# 59 # Outbound NAT setup 60 ${fwcmd} add nat 100 all from 172.16.0.0/12 to any via $externalif 61 ${fwcmd} nat 100 config if $externalif 62 63 ############ 64 # Inbound NAT setup 65 ${fwcmd} add nat 200 all from any to 172.16.0.0/12 via $internalif 66 ${fwcmd} nat 200 config if $internalif 67 68 # WL -> Internet 69 # HTTP 70 ${fwcmd} add 3001 allow tcp from 172.16.0.0/12 to any 80 71 # HTTPS 72 ${fwcmd} add 3002 allow tcp from 172.16.0.0/12 to any 443 73 74 # Allow anything originating from me 75 ${fwcmd} add 4001 allow ip from me to any 76 77 # Allow on any interface 78 # Allow SSH 79 ${fwcmd} add 5001 allow tcp from any to me 22 80 81 # Allow on internal interface 82 # DNS 83 ${fwcmd} add 6001 allow ip from any to me 53 via $internalif 84 85 # NTP 86 ${fwcmd} add 6002 allow udp from any to me 123 via $internalif 87
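Review bot: The external-interface derivation on lines 38-47 of the new file fails open or closed when `internalif` is empty or carries no unit number: `[ ${seq} = 0 ]` is unquoted, so an empty `seq` turns the test into a syntax error, `expr` then fails and `externalif` stays empty, yet `${fwcmd} -f flush` on line 52 has already run before the `via $externalif` / `via $internalif` rules are added, so a bad rc.conf value leaves the box with only the loopback rules and whatever the kernel's default policy is. I would abort before the flush with `: "${internalif:?internalif must be set in rc.conf}"`, quote the test as `if [ "${seq}" = 0 ]; then`, and allow an explicit override with `externalif=${externalif:-$driver$seq}` so the sibling-unit guess (0→1, otherwise n-1) is not the only option. That guess deserves a comment where it is made, e.g. `# externalif is assumed to be the neighbouring unit of internalif (em0<->em1); set externalif in rc.conf to override`. Separately, whether rules 3001/3002 actually restrict WL clients to HTTP/HTTPS appears to depend on net.inet.ip.fw.one_pass: with the FreeBSD default of 1, a packet matched by the nat rule at 100 is accepted without reaching 3001, which is worth stating next to the NAT rules so the intended policy is not silently wider than the rule list suggests.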