Changeset 8335 for 2.0

Timestamp:

Aug 13, 2010, 3:23:12 PM (14 years ago)

Author:

richardvm

Message:

OK: Stupid didn't see the explicit allow

File:

• 2.0/nanobsd/nanobsd/files/etc/ipfw.sh (modified) (3 diffs)

2.0/nanobsd/nanobsd/files/etc/ipfw.sh

@@ -4 +4 @@
 # Suck in the configuration variables.
 if [ -z "${source_rc_confs_defined}" ]; then
-        if [ -r /etc/defaults/rc.conf ]; then
-                . /etc/defaults/rc.conf
-                source_rc_confs
-        elif [ -r /etc/rc.conf ]; then
-                . /etc/rc.conf
-        fi
+        if [ -r /etc/defaults/rc.conf ]; then
+                . /etc/defaults/rc.conf
+                source_rc_confs
+        elif [ -r /etc/rc.conf ]; then
+                . /etc/rc.conf
+        fi
 fi
 
 setup_loopback () {
-        ############
-        # Only in rare cases do you want to change these rules
-        #
-        ${fwcmd} add 100 pass all from any to any via lo0
-        ${fwcmd} add 200 deny all from any to 127.0.0.0/8
-        ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
+        ############
+        # Only in rare cases do you want to change these rules
+        #
+        ${fwcmd} add 100 pass all from any to any via lo0
+        ${fwcmd} add 200 deny all from any to 127.0.0.0/8
+        ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
 }
 
@@ -26 +26 @@
 case ${firewall_quiet} in
 [Yy][Ee][Ss])
-        fwcmd="/sbin/ipfw -q"
-        ;;
+        fwcmd="/sbin/ipfw -q"
+        ;;
 *)
-        fwcmd="/sbin/ipfw"
-        ;;
+        fwcmd="/sbin/ipfw"
+        ;;
 esac
 
@@ -92 +92 @@
 ${fwcmd} add 6002 allow udp from any to me 123 via $internalif
 
+# Block anything else
+${fwcmd} add 65000 deny ip from any to any