Changeset 8336

Timestamp:

Aug 13, 2010, 3:47:49 PM (15 years ago)

Author:

richardvm

Message:

Maximum of 10 connections, 1 is not enough (wirelessleiden.nl can't be loaded), 10 gives no problems for me browsing the internet

File:

• 2.0/nanobsd/nanobsd/files/etc/ipfw.sh (modified) (4 diffs)

2.0/nanobsd/nanobsd/files/etc/ipfw.sh

@@ -1 @@
-#!/bin/sh -
-# Based on /etc/rc.firewall
+sed on /etc/rc.firewall
+
+allowed2internet="80,443"
+maxconnections="10"
 
 # Suck in the configuration variables.
@@ -48 +50 @@
 
 # Get public ip
-$externalip=`ifconfig $externalif | awk '/inet/ { print $2 }'`
+externalip=`ifconfig $externalif | awk '/inet/ { print $2 }'`
 ############
 # Flush out the list before we begin.
@@ -61 +63 @@
 #############
 # Outbound NAT setup
-${fwcmd} add nat 100 all from 172.16.0.0/12 to any via $externalif
-${fwcmd} add nat 100 all from any to 192.168.58.2 via $externalif
+${fwcmd} add nat 100 all from 172.16.0.0/12 to any out via $externalif
+${fwcmd} add nat 100 all from any to $externalip in via $externalif
 ${fwcmd} nat 100 config if $externalif
 
@@ -72 +74 @@
 # WL -> Internet
 # Stateful firewalling
+
 ${fwcmd} add 3000 check-state
 # HTTP
-${fwcmd} add 3001 allow tcp from 172.16.0.0/12 to any 80 in via $internalif setup keep-state
+${fwcmd} add 3001 allow tcp from 172.16.0.0/12 to any $allowed2internet in via $internalif setup limit src-addr $maxconnections
 # HTTPS
-${fwcmd} add 3002 allow tcp from 172.16.0.0/12 to any 443 in via $internalif setup keep-state
 
 # Allow anything originating from me