Changeset 8395 for 2.0/nanobsd

Timestamp:

Aug 26, 2010, 8:08:05 PM (14 years ago)

Author:

richardvm

Message:

block local network

File:

• 2.0/nanobsd/nanobsd/files/etc/ipfw.sh (modified) (2 diffs)

2.0/nanobsd/nanobsd/files/etc/ipfw.sh

@@ -61 +61 @@
 
 ############
+# Block the hosters network (and maybe others)
+
+for IP in ${firewall_block}
+do
+  ${fwcmd} add deny ip from any to ${IP} in via $internalif
+done
 
 #############
 # Outbound NAT setup
+
 ${fwcmd} add nat 100 all from 172.16.0.0/12 to any out via $externalif
 ${fwcmd} add nat 100 all from any to $externalip in via $externalif
 ${fwcmd} nat 100 config if $externalif
 
-############
-# Inbound NAT setup
-# ${fwcmd} add nat 200 all from any to 172.16.0.0/12 via $internalif
-# ${fwcmd} nat 200 config if $internalif
-
+#############
 # WL -> Internet
 # Stateful firewalling
@@ -98 +101 @@
 ${fwcmd} add 6003 allow tcp from any to me 3128 via $internalif keep-state
 
+# lvrouted
+${fwcmd} add 6004 allow udp from 172.16.0.0/12 to me 12345 via $internalif keep-state
+
 # Block anything else
 ${fwcmd} add 65000 deny ip from any to any
+