As per the developers handbook (5.3.1 step 1), prepare the vendor trees for

import of new ipfilter vendor sources by flattening them.

To keep the tags consistent with dist, the tags are also flattened.

Approved by:	glebius (Mentor)

1 files changed, 0 insertions, 465 deletions

diff --git a/contrib/ipfilter/IPF.KANJI b/contrib/ipfilter/IPF.KANJI
deleted file mode 100644
index 85af5ce..0000000
--- a/contrib/ipfilter/IPF.KANJI
+++ /dev/null
@@ -1,465 +0,0 @@
-IP filter $B%7%g!<%H%,%$%I(B					Dec, 1999
-
-$B%[!<%`%Z!<%8(B:	http://coombs.anu.edu.au/~avalon/ip-filter.html
-FTP:		ftp://coombs.anu.edu.au/pub/net/ip-filter/
-
-					$B30;3(B $B=c@8(B <sumio@is.s.u-tokyo.ac.jp>
-					$B;3K\(B $BBY1'(B <ymmt@is.s.u-tokyo.ac.jp>
-
------
-$B$O$8$a$K(B
-
-IP filter $B$r(B gateway $B%^%7%s$K%$%s%9%H!<%k$9$k$3$H$G%Q%1%C%H%U%#(B
-$B%k%?%j%s%0$r9T$&$3$H$,$G$-$^$9!#(B
-
-$B%$%s%9%H!<%k$NJ}K!$O!"(BINSTALL$B$K=q$$$F$"$k$N$G!"$=$A$i$r;2>H$7$F(B
-$B$/$@$5$$!#(BIP filter $B$N%P!<%8%g%s(B 3.3.5 $B$O!"(B
-	     Solaris/Solaris-x86 2.3 - 8 (early access)
-	     SunOS 4.1.1 - 4.1.4
-	     NetBSD 1.0 - 1.4
-	     FreeBSD 2.0.0 - 2.2.8
-	     BSD/OS-1.1 - 4
-             IRIX 6.2
-$B$GF0:n$9$k$3$H$,3NG'$5$l$F$$$^$9!#(B
-
-$B$J$*!"(B64 bit kernel $B$NAv$C$F$k(B Solaris7 $B%^%7%s$G$O!"(Bgcc $B$H$+$G%3(B
-$B%s%Q%$%k$7$?(B kernel driver $B$OF0:n$7$^$;$s!#(B
-
-$B$=$N$h$&$J>l9g$K$O!"(Bprecompiled binary $B$r(B
-ftp://coombs.anu.edu.au/pub/net/ip-filter/ip_fil3.3.2-sparcv9.pkg.gz
-(1999$BG/(B12$B7n(B14$BF|8=:_!"$^$@(B3.3.5$B$O%Q%C%1!<%8$K$J$C$F$$$^$;$s(B)
-$B$+$i<h$C$F$/$k$+!"(BWorkshop Compiler 5.0 $B$G%3%s%Q%$%k$7$F(B 64bit
-driver $B$r:n$C$F$/$@$5$$!#(B
-
------
-$B@_Dj%U%!%$%k$N5-=RJ}K!(B
-
-IP filter$B$N@_Dj$O!V$I$N%"%I%l%9!W$N!V$I$N%]!<%H!W$+$i!V$I$N%"%I(B
-$B%l%9!W$N!V$I$N%]!<%H!W$X$N%Q%1%C%H$r(B block $B$9$k$+(B pass $B$9$k$+!"(B
-$B$r;XDj$9$k$3$H$G9T$$$^$9!#(B
-
-$B0J2<$NNc$G$O!"2f!9$,4IM}$7$F$$$k%5%V%M%C%H$h$j30$+$iFb$N%"%/%;%9(B
-$B$O!"0lIt$N%^%7%s$r=|$$$F$OA4$F%V%m%C%/$7!"Fb$+$i30$X$N%"%/%;%9$O!"(B
-$B86B'$H$7$FA4$FAGDL$7$9$k%]%j%7!<$G5-=R$5$l$F$$$^$9!#(B
-
-$B0J2<!"4IM}$7$F$$$k%5%V%M%C%H$r(B
-	123.45.1.0/24
-$B$H$7$FNc$r<($7$^$9!#(B24$B$O%5%V%M%C%H%^%9%/$G$9!#(B
-
-$B$^$?!"(Bgateway $B$O(B
-	123.45.1.111	(hme0)
-$B$,(B LAN$BB&$N%$%s%?!<%U%'!<%9!"(B
-	123.45.2.10	(hme1)
-$B$,30B&$N%$%s%?!<%U%'!<%9$H$7$^$9!#(B
-
-
-===================== $B$3$3$+$i(B ====================
-########## quickly deny malicious packets
-#
-block in quick from any to any with short
-block in log quick from any to any with ipopts
-===================== $B$3$3$^$G(B ====================
-
-$B$^$:$O$3$N%k!<%k$G!"IT@5$J%Q%1%C%H$r$O$M$^$9!#(Bblock $B$O(B block $B$9(B
-$B$k0UL#$G!"H?BP$KDL$9>l9g$O(B pass $B$H$J$j$^$9!#(B
-
-log $B$H$$$&$N$O!"$3$N%k!<%k$K%^%C%A$9$k%Q%1%C%H$N%m%0$r<h$k;X<($G(B
-$B$9!#%m%0$O(B /dev/ipl $B$H$$$&%G%P%$%9%U%!%$%k$+$i%"%/%;%9$G$-$^$9$,!"(B
-$B$3$N%G%P%$%9$O(B bounded buffer $B$J$N$G!"$"$kDxEY0J>e$N%m%0$O>C$($F(B
-$B$7$^$$$^$9!#(B
-
-/dev/ipl $B$NFbMF$rFI$_=P$9$K$O(B ipmon $B$H$$$&%W%m%0%i%`$r;H$$$^$9!#(B
-ipmon $B$O(B stdout, syslog, $B$b$7$/$ODL>o$N%U%!%$%k$K%m%0$r=PNO$7$^(B
-$B$9!#5/F0;~$K(B ipmon $B$rN)$A>e$2$k$J$i!"<!$N$h$&$J9T$r(B rc $B%U%!%$%k(B
-$B$K=q$/$H$h$$$G$7$g$&!#(B
-
-ipmon -n -o I ${IPMONLOG} < /dev/null > /dev/null 2>&1 &
-
-${IPMONLOG} $B$OE,Ev$J%U%!%$%kL>$KCV49$7$F$/$@$5$$!#(Bsyslog $B$K=PNO(B
-$B$9$k>l9g$O!"(B-s $B%*%W%7%g%s$rIU$1$^$9!#(Bsyslog $B$K=PNO$9$k>l9g!"(B
-local0.info $B$r5-O?$9$k$h$&$K(B syslog.conf $B$rJT=8$7$F$/$@$5$$!#(B
-$BNc$($P!"(B
-
-local0.info			ifdef(`LOGHOST', /var/log/syslog, @loghost)
-
-
-quick $B$H$$$&$N$O!"$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$O0J9_$N%k!<%k$r(B
-$BD4$Y$:$K!"%"%/%7%g%s(B(block or pass)$B$K=>$o$;$k$H$$$&$b$N$G$9!#$?(B
-$B$@$7!"Nc30$,$"$j$^$9!#8e=R$7$^$9!#(B
-
-
-===================== $B$3$3$+$i(B ====================
-########## group setup
-#
-block in on hme1 all head 100
-block out on hme1 all head 150
-pass in quick on hme0 all
-pass out quick on hme0 all
-===================== $B$3$3$^$G(B ====================
-
-$B<!$K@)8f$r$+$1$k%$%s%?!<%U%'!<%9Kh$K%Q%1%C%H$KE,MQ$9$k%k!<%k$rJ,(B
-$BN`$7$^$9!#(Bhme0 $B$O(B LAN $BB&$N%$%s%?!<%U%'!<%9$J$N$G!"B(:B$K5v2D(B
-(pass quick)$B$7$F$$$^$9!#(B
-
-all $B$H$$$&$N$O!"(Bfrom any to any $B$N>JN,7A$G$9!#(B
-
-$B30It$H$N%$%s%?!<%U%'!<%9$G$"$k(B hme1 $B$O(B incoming $B$H(B outgoing $B$G!"(B
-$B$=$l$>$l(B group 100 $BHV$H(B 150 $BHV$KJ,N`$7$^$9!#(Bhead $B$H$$$&$N$O!"$3(B
-$B$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$r<!$NHV9f$N%0%k!<%W$KJ,N`$9$k$H$$$&(B
-$B0UL#$G$9!#(B
-
-
-===================== $B$3$3$+$i(B ====================
-########## deny IP spoofing
-#
-block in log quick from 127.0.0.0/8 to any group 100
-block in log quick from 123.45.2.10/32 to any group 100
-block in log quick from 123.45.1.111/24 to any group 100
-#
-########## deny reserved addresses
-#
-block in log quick from 10.0.0.0/8 to any group 100
-block in log quick from 192.168.0.0/16 to any group 100
-block in log quick from 172.16.0.0/12 to any group 100
-#
-===================== $B$3$3$^$G(B ====================
-
-IP $B%"%I%l%9$r2~cb$7$?%Q%1%C%H$rB(:B$K5qH]$7$F$$$^$9!#KvHx$N(B 
-group 100 $B$H$$$&$N$O(B head 100 $B$GJ,N`$5$l$?%Q%1%C%H$K$N$_%^%C%A$9(B
-$B$k%k!<%k$H$$$&0UL#$G$9!#(B
-
------
-$B$3$3$^$G$G!"4pK\E*$K(BLAN$BFb$NDL?.$OAGDL$7$@$,30It$H$NDL?.$O%G%U%)(B
-$B%k%H$G0l@Z6X;_$H$$$&@_Dj$K$J$j$^$9!#0J9_$G$O!"$=$N%G%U%)%k%H$KBP(B
-$B$9$kNc30$H$$$&7A$G!"DL$7$?$$%Q%1%C%H$r5-=R$7$F$$$-$^$9!#(B
-
-$B$^$:!"FbIt$+$i30It$X$N@\B3$K4X$9$k@_Dj$r$7$^$9!#(B
-===================== $B$3$3$+$i(B ====================
-########## OUTGOING
-#
-## allow ping out
-#
-pass out quick proto icmp from any to any keep state group 150
-#
-## allow all outgoing UDP packets except for netbios ports (137-139).
-#
-pass out quick proto udp from any to any keep state head 160 group 150
-block out log quick proto udp from any to any port 136 >< 140 group 160
-#
-## pass all TCP connection setup packets except for netbios ports (137-139).
-#
-pass out quick proto tcp from any to any flags S/SAFR keep state head 170 group 150
-block out log quick proto tcp from any to any port 136 >< 140 group 170
-===================== $B$3$3$^$G(B ====================
-
-$B$3$l$O4pK\E*$KA4$F$N%Q%1%C%H$r5v$9%k!<%k$G$9!#$7$+$7!"(Bnetbios
-(137-139/udp, tcp)$B$N%]!<%H$@$1$O6X;_$7$F$$$^$9!#(Bnetbios$B$O(B Windows
-$B$N%U%!%$%k6&M-$G;H$o$l$k%]!<%H$G!"$3$N%]!<%H$,3+$$$F$$$k$H!"(B
-Windows$B$N@_Dj$K$h$C$F$O!"@$3&Cf$+$i%U%!%$%k$rFI$_=q$-$G$-$k(B
-$B62$l$,$"$j$^$9!#(B
-
-$B$3$3$G!"4JC1$K=q<0$r8+$F$*$/$H!"(B
-* $B:G=i$NC18l$G!"(Bblock$B$9$k$+(Bpass$B$9$k$+;XDj$9$k(B
-* proto $B$N8e$NC18l$G!"(Bprotocol$B$r;XDj$9$k(B(udp, tcp, icmp, etc.)$B!#(B
-* from A to B $B$G!"$I$3$+$i$I$3$X$N%Q%1%C%H$+$r;XDj$9$k(B
-* head XXX$B$r;XDj$9$k$H!"$=$N9T$G;XDj$5$l$"$?%Q%1%C%H$O!"(Bgroup
-  XXX$B$H$7$F;2>H$G$-$k(B
-* group$B$r;XDj$9$k$3$H$G!"5,B'$rE,MQ$9$k8uJd$r(B($BM=$a(Bhead$B$G@_Dj$7$?(B)
-  group$B$K8BDj$G$-$k!#(B
-
-$B$^$?!"(Bfrom A to B$B$N(BA$B$d(BB$B$O!"(BIP$B%"%I%l%9$H(Bport$B$r=q$/$3$H$,$G$-$^$9!#(B
-     from any to any port 136 >< 140
-$B$H$$$&$N$O!"(B
-  $B!VG$0U$N%]!<%H$NG$0U$N%"%I%l%9$+$i!"(B137$BHV$+$i(B139$BHV%]!<%H$NG$0U$N(B
-    $B%"%I%l%9$X$N%Q%1%C%H!W(B
-$B;XDj$7$F$$$k$3$H$K$J$j$^$9!#$^$?!"HV9f$NBe$o$j$K(B/etc/service$B$K5-(B
-$B=R$5$l$F$$$k%5!<%S%9L>$r5-=R$9$k$3$H$b$G$-$^$9!#(B
-$B$?$H$($P(B
-      from any to any port = telnet
-$B$H(B
-      from any to any port = 23
-$B$OF1$80UL#$H$J$j$^$9!#(B
-
-$B$5$F!"$3$3$G(B quick $B$NNc30$r@bL@$7$F$*$-$^$9!#(Bquick $B$NIU$$$?(B
-rule $B$,(B head $B$G?7$?$J%0%k!<%W$r:n$k>l9g!"=hM}$O$^$@$3$N;~E@(B
-$B$G$O3NDj$7$^$;$s!#0J9_!"!V(Bhead $B$G@k8@$5$l$?%0%k!<%W$N%k!<%k!W(B
-$B$N$_=hM}$9$k$H$$$&0UL#$K$J$j$^$9!#$G$9$+$i>e$N!"(B
-
-pass out quick proto udp from any to any keep state head 160 group 150
-block out log quick proto udp from any to any port 136 >< 140 group 160
-
-$B$O!"$^$:(B 150$BHV%0%k!<%W$K%^%C%A$9$k(B UDP $B%Q%1%C%H$OAGDL$7(B
-$B$9$k!"$,!"0J2<$N(B 160$BHV$KB0$9$k%k!<%k$r$^$@=hM}$9$k!#(B
-$B$=$7$F(B2$B9TL\$G(B 160$BHV%0%k!<%W$KBP$7$F(B netbios packet $B$r(B
-block $B$7$F$$$kLu$G$9!#(B
-$B0l9TL\$K%^%C%A$7$?%Q%1%C%H$O0J2<$K$b$7(B150$BHV$N%0%k!<%W$N(B
-$B%k!<%k$,$"$C$?$H$7$F$b!"L5;k$9$k$3$H$KCm0U$7$F$/$@$5$$!#(B
-
-----------
-$B<!$K!"30It$+$iFbIt$X$N%"%/%;%9$N@_Dj$r$7$^$9!#(B
-
-* $B%k!<%F%#%s%0>pJs(B(RIP)$B$N%Q%1%C%H$O!"A4It5v$7$^$9!#(B
-pass in quick proto udp from any to any port = 520 keep state group 100
-
-* ICMP$B$N%Q%1%C%H$OA4It5v$7$^$9!#(B
-pass in quick proto icmp from any to any group 100
-
-* $BFbIt$+$i30It$X$N(Bftp$B$r5v$9$?$a$K!"(Bftp-data port$B$+$i0lHL%]!<%H$X(B
-  $B$NG$0U$N@\B3$r<u$1IU$1$^$9!#$3$l$O(Bpassive mode$B$G$J$$(BFTP$B$N5sF0(B
-  $B$G$9!#(B
-pass in quick proto tcp from any port = ftp-data to any port > 1023 flags S/SA keep state group 100
-
-  $B$7$+$7!"$3$l$O0lHL$K8@$C$FB?>/4m81$J9T0Y$G$9!#@\B3$G$-$k$N$,(B
-  1024$BHV0J9_$N0lHL%]!<%H$K8BDj$O$5$l$^$9$,!"$"$^$j$*4+$a$G$-$^$;$s!#(B
-  $B$3$N9T$r2C$($:$K!"(Bpassive mode (ftp $B$G(B pasv $B%3%^%s%I$GF~$l$k(B)
-  $B$G(B FTP $B$r$9$k$3$H$r4+$a$^$9!#$J$*!":G6a$N(B FTP client $B$O:G=i(B
-  $B$+$i(B passive mode $B$KL5>r7o$G$7$F$7$^$&$b$N$,B?$$$h$&$G$9!#(B
-  
-* sendmail$B$d(Bftpd$B$K7R$0$H!"Aj<j$,(Bident$B%]!<%H$X%"%/%;%9$7$F$/$k$3(B
-  $B$H$,$"$k$N$G!"(Bident port$B$r3+$1$^$9!#(Bident $B$ODL>o$O5/F0$5$l$F$$(B
-  $B$J$$(B daemon $B$J$N$G!"AGDL$7$7$F$b%;%-%e%j%F%#%[!<%k$K$J$k$3$H$O$"(B
-  $B$j$^$;$s(B(connection refused$B$K$J$k$@$1$G$9(B)$B!#$3$l$r3+$1$J$$$H!"(B
-  $BAj<jB&$O(B timeout $B$9$k$^$G@h$K?J$^$J$$$N$G!"(BFTP $B$d(B mail $B$NAw?.(B
-  $B$,$d$?$i$KCY$/$J$k$3$H$,$"$j$^$9!#(B
-  $B$b$7(B 113 $BHV%]!<%H$K@\B3$G$-$k$h$&$J$i!"$=$N%5!<%S%9$OB(:B$K(B
-  $BDd;_$9$k$3$H$r4+$a$^$9!#(B
-pass in quick proto tcp from any to any port = 113 flags S/SA keep state group 100
-
-------
-$B<!$K!"30It$+$i(B firewall $B$X$N%"%/%;%9$r5v$9%5!<%S%9$r5-=R$7$F$$$-(B
-$B$^$9!#$^$:$O!"30It$+$i$N@\B3$r5v$7$?$$%[%9%H$K$D$$$F!"%0%k!<%WHV(B
-$B9f$r$D$1$^$9!#(B
-
-===================== $B$3$3$+$i(B ====================
-## grouping by host
-block in log quick proto tcp from any to 123.45.1.X flags S/SA head 110 group 100
-block in log quick proto tcp from any to 123.45.1.Y flags S/SA head 111 group 100
-===================== $B$3$3$^$G(B ====================
-
-$B$3$l$G!"(B
-	$B30It$+$i(B 123.45.1.X $B$X$N@\B3$O(B group 110
-        $B30It$+$i(B 123.45.1.Y $B$X$N@\B3$O(B group 111
-$B$G;2>H$9$k$3$H$,$G$-$^$9!#(B
-
-$BB>$K$b5v$7$?$$%[%9%H$rA}$d$7$?$$$H$-$O!">e$HF1MM$K$7$F!"(Bhead$B$N8e(B
-$B$K!"?7$7$$?t;z(B(112, 113$B$J$I(B)$B$r3d$jEv$F$F$/$@$5$$!#(B
-
-$B$b$&0lEYCm0U$7$F$*$-$^$9$,!"(Bquick $B$H(B head $B$,F1;~$K8=$l$k%k!<%k(B
-$B0J9_$G$O!"(Bhead $B$G@k8@$5$l$?%0%k!<%W$N%k!<%k$7$+E,MQ$5$l$J$/$J$j(B
-$B$^$9!#$G$9$+$i!">e$N(B ident $B$d(B ftp data-port $B$N$h$&$K!"FbIt$N(B
-$BA4$F$N%[%9%H$K%^%C%A$9$k%k!<%k$O!"$3$N%[%9%H$K$h$k%0%k!<%WJ,$1(B
-$B$NA0$KCV$/I,MW$,$"$j$^$9!#(B
-
-
-X$B$X$O!"(Btelnet, ftp, ssh $B$r!"(BY$B$X$O!"(Bftp, http, smtp, pop $B$r5v$9$3(B
-$B$H$K$7$^$9!#(B
-
-* X(group 110)$B$X$N(Btelnet$B$r5v$7$^$9(B
-pass in quick proto tcp from any to any port = telnet keep state group 110
-
-* X$B$X$N(Bftp$B$r5v$7$^$9!#(Bftp-data port $B$b3+$1$F$*$-$^$9!#(B
-  ($BI,MW$,$"$k$+$I$&$+3NG'$O$7$F$$$^$;$s$,!"3+$1$F$$$F$b0BA4$G$7$g$&(B)$B!#(B
-pass in quick proto tcp from any to any port = ftp keep state group 110
-pass in quick proto tcp from any to any port = ftp-data keep state group 110
-
-* X$B$X$N(Bssh$B$r5v$7$^$9!#(B
-pass in quick proto tcp from any to any port = 22 keep state group 110
-
-* Y$B$X$N(Bftp$B$r5v$7$^$9!#(B
-pass in quick proto tcp from any to any port = ftp keep state group 111
-pass in quick proto tcp from any to any port = ftp-data keep state group 111
-pass in quick proto tcp from any to any port 2999 >< 3100 keep state group 111
-
-  Y$B$O(B anonoymous ftp $B%5!<%P$r1?1D$7$F$$$k$?$a(B wu-ftpd $B$r;H$C$F$$(B
-  $B$^$9!#(Bwu-ftpd $B$O(B passive mode $B$N(BFTP$B$K$bBP1~$7$F$$$^$9$N$G!"$I(B
-  $B$N%]!<%H$r(BPASV$BMQ$K;H$&$+!"(Bwu-ftpd $B$N@_Dj$K=q$$$F$*$/I,MW$,$"$j(B
-  $B$^$9!#$3$3$G$O(B3000$B$+$i(B3099$BHV%]!<%H$r;HMQ$9$k$h$&$K!"(Bwu-ftpd $B$r(B
-  $B@_Dj$7$F$$$^$9!#(B
-
-  passive FTP $B$K$D$$$F2r@b$7$^$9!#(Bpassive FTP $B$O!"%/%i%$%"%s%H$,(B
-  $B%U%!%$%"%&%)!<%k$NFbB&$K$$$k>l9g$N$?$a$K3+H/$5$l$?%W%m%H%3%k$G(B
-  $B$9!#%G%U%)%k%H$G$O>e$G@bL@$7$?$h$&$K!"%G!<%?E>Aw$N$?$a!"%5!<%P(B
-  $B$N(B ftp-data port $B$+$i%/%i%$%"%s%H$K@\B3$,$$$-$^$9!#(B
-
-  passive FTP $B$G$O!"%G!<%?E>Aw$b(B client $B$+$i%5!<%P$K@\B3$9$k$h$&(B
-  $B$K$J$j$^$9!#$=$N:]!"%5!<%P$OE,Ev$J%]!<%HHV9f$r3d$j?6$C$F!"$=$3(B
-  $B$K%/%i%$%"%s%H$,@\B3$9$k$h$&;X<($7$^$9!#(B
-
-  $B$3$N$?$a!"%5!<%P$,%U%!%$%"%&%)!<%kFb$K$$$k>l9g!"E,Ev$J%]!<%HHV(B
-  $B9f$O%U%!%$%"%&%)!<%k$G$O$M$i$l$F$7$^$$$^$9!#$=$3$G!"(Bwu-ftpd $B$N(B
-  $B@_Dj$G!"3d$j?6$k%]!<%HHV9f$NHO0O$r8BDj$7$F!"$=$3$@$1%U%!%$%"(B
-  $B%&%)!<%k$K7j$r3+$1$F$$$k$o$1$G$9!#(Bwu-ftpd $B$N>l9g$O!"(Bftpaccess
-  $B$H$$$&%U%!%$%k$K(B
-
-  # passive ports <cidr> <min> <max>
-  passive ports 0.0.0.0/0 3000 3099
-
-  $B$HDI2C$9$k$3$H$G@_Dj$G$-$^$9!#(Bftpaccess(5)$B$r;2>H$7$F$/$@$5$$!#(B
-
-* Y$B$X$N(Bhttp$B$r5v$7$^$9!#(B
-pass in quick proto tcp from any to any port = 80 keep state group 111
-
-* Y$B$X$N(Bsmtp$B$r5v$7$^$9!#(B
-pass in quick proto tcp from any to any port = smtp keep state group 111
-
-* Y$B$X$N(Bpop$B$r5v$7$^$9!#(B
-pass in quick proto tcp from any to any port = 110 keep state group 111
-
-$B0J>e$N@_Dj$K$h$j!"(BX, Y $B0J30$N%^%7%s$X$N!"30It$+$i$N@\B3$O!"0l@Z(B
-$B9T$($J$/$J$j$^$9$N$G!"(Bremote exploit $BBP:v$O!"(BX, Y $B$K$N$_9T$($P$h(B
-$B$/$J$j!"4IM}$N<j4V$,7Z8:$G$-$^$9!#(B
-
-$BB>$N%W%m%H%3%k$rDL$9>l9g$b!">e$r;29M$K$7$FDL$7$?$$%]!<%HHV9f$r=q(B
-$B$/$@$1$G$9$,!"$$$/$D$+Cm0UE@$,$"$j$^$9!#0J2<$bL\$rDL$7$F$/$@$5$$!#(B
-
------
-$B$=$NB>$NCm0U(B
-
-1) gateway $B%^%7%s$N$h$&$K!"J#?t$N(BIP$B%"%I%l%9$r;}$D%^%7%s$G%5!<%S(B
-$B%9$rN)$A>e$2$k>l9g$O!"$=$l$>$l$N(BIP$B%"%I%l%9$KBP$7$F!"(Bport $B$r3+$/(B
-$BI,MW$,$"$j$^$9!#Nc$($P(B X $B$,(B IP:a $B$H(B IP:b $B$r;}$D$J$i!"(Bgroup $B$O(B a,
-b $B$=$l$>$lMQ0U$7$F!"N>J}$N%0%k!<%WMQ$K(B rule $B$rDI2C$9$kI,MW$,$"$j(B
-$B$^$9!#0J2<$NNc$G$O!"%2!<%H%&%'%$%^%7%s(B(123.45.2.10$B$H(B123.45.1.111
-$B$N(BIP$B$r;}$D(B)$B$K(BNNTP$B%5!<%P$rN)$F$F$$$^$9!#(B
-
-($BNc(B)
-#### grouping by host
-block in log quick proto tcp from any to 123.45.2.10 flags S/SA head 112 group 100
-block in log quick proto tcp from any to 123.45.1.111 flags S/SA head 113 group 100
-#### allow NNTP
-pass in quick proto tcp from any to any port = nntp keep state group 112
-pass in quick proto tcp from any to any port = nntp keep state group 113
-
-gateway $B$,(B2$B$D0J>e$"$k%M%C%H%o!<%/$G$O!"N>J}$N(B gateway $B$K(B IP
-filter $B$,I,MW$K$J$j!"@_Dj$O99$KJ#;($K$J$j$^$9!#$=$N$h$&$J4D6-$N(B
-$B>l9g$K$O!"%^%K%e%"%k$rFI$s$G8!F$$7$F$/$@$5$$!#(B
-
-2) NFS$B$H(Brsh$B$O%W%m%H%3%k$N4X78>e!"(Bfirewall$BD6$($OIT2DG=$G$9!#(B
-   NFS$B$NBeBX$K$D$$$F$OITL@$G$9$,!"(Brsh$B$NBeBX$H$7$F$O(Bssh$B$,;H$($^$9!#(B
-
-3) $B30It$N(BX client $B$r!"%U%!%$%"%&%)!<%kFb$N(BX$B%5!<%P$K@\B3$5$;$?$$!"(B
-   $B$H$$$&$N$O(B FAQ $B$N0l$D$G$9!#$*4+$a$N2r7h:v$O!"(Bssh $B$N(B X forwarding
-   $B5!9=$r;H$&$3$H$G$9!#(Bssh$B$G@\B3$G$-$k$J$i$P!"$3$l$O40A4$K(B secure
-   $B$GHFMQE*$JJ}K!$G$9!#(B
-
-$B$=$l$,=PMh$J$$>l9g$O!"2f!9$O@\B3$5$;$?$$%[%9%H$N%Z%"$r%f!<%6$KJs(B
-$B9p$7$F$b$i$C$F!"0J2<$N$h$&$J%k!<%k$rDI2C$7$F$$$^$9!#(B
-# X:0 $B$O(B tcp:6000 $BHV$K$J$j$^$9!#(B
-
-# 123.45.1.Z:0 (server) <-> A.B.C.D (client)
-pass in quick proto tcp from A.B.C.D port > 1023 to 123.45.1.Z port = 6000 flags S/SA keep state group 100
-
------
-$B:G8e$K!";D$k%Q%1%C%H$OA4$F%V%m%C%/$5$l$kLu$G$9$,!"$=$l$K$D$$$F$N(B
-$BA4$F$N%m%0$r;D$9$3$H$r4uK>$9$k>l9g!"<!$N%k!<%k$r!VI,$::G8e$K!W2C(B
-$B$($^$9!#(B
-
-## log blocked packets
-block in log quick from any to 123.45.1.111/24 group 100
-block in log quick from any to 123.45.2.10 group 100
-
-------
-$B:#Kx$N@_Dj$r$R$H$D$K$^$H$a$?%U%!%$%k$r:G8e$KE:IU$7$^$9!#(B
-
-===================== $B$3$3$+$i(B ====================
-########## Packet Filtering Rules for 123.45.1. ##########
-#
-# The following routes should be configured, if not already:
-#
-# route add 123.45.1.111 localhost 0 (hme0)	(LAN)
-# route add 123.45.2.10 localhost 0   (hme1)	(upstream)
-#
-########## quickly deny malicious packets
-#
-block in quick from any to any with short
-block in log quick from any to any with ipopts
-#
-########## group setup
-#
-block in on hme1 all head 100
-block out on hme1 all head 150
-pass in quick on hme0 all
-pass out quick on hme0 all
-#
-########## deny IP spoofing
-#
-block in log quick from 127.0.0.0/8 to any group 100
-block in log quick from 123.45.2.10/32 to any group 100
-block in log quick from 123.45.1.111/24 to any group 100
-#
-########## deny reserved addresses
-#
-block in log quick from 10.0.0.0/8 to any group 100
-block in log quick from 192.168.0.0/16 to any group 100
-block in log quick from 172.16.0.0/12 to any group 100
-#
-########## OUTGOING
-#
-## allow ping out
-pass out quick proto icmp from any to any keep state group 150
-#
-## allow all outgoing UDP packets except for netbios ports (137-139).
-#
-pass out quick proto udp from any to any keep state head 160 group 150
-block out log quick proto udp from any to any port 136 >< 140 group 160
-#
-## pass all TCP connection setup packets except for netbios ports (137-139).
-#
-pass out quick proto tcp from any to any flags S/SAFR keep state head 170 group 150
-block out log quick proto tcp from any to any port 136 >< 140 group 170
-#
-######### INCOMING
-## ICMP
-pass in quick proto icmp from any to any group 100
-## RIP
-pass in quick proto udp from any to any port = 520 keep state group 100
-## FTP
-pass in quick proto tcp from any port = ftp-data to any port > 1023 flags S/SA keep state group 100
-## IDENT
-pass in quick proto tcp from any to any port = 113 flags S/SA keep state group 100
-#
-## grouping by host (112 & 113 is the gateway address)
-block in log quick proto tcp from any to 123.45.1.X flags S/SA head 110 group 100
-block in log quick proto tcp from any to 123.45.1.Y flags S/SA head 111 group 100
-block in log quick proto tcp from any to 123.45.2.10 flags S/SA head 112 group 100
-block in log quick proto tcp from any to 123.45.1.111 flags S/SA head 113 group 100
-#
-## telnet, ftp, ssh, www, smtp, pop
-pass in quick proto tcp from any to any port = telnet keep state group 110
-pass in quick proto tcp from any to any port = ftp keep state group 110
-pass in quick proto tcp from any to any port = ftp-data keep state group 110
-pass in quick proto tcp from any to any port = 22 keep state group 110
-pass in quick proto tcp from any to any port = ftp keep state group 111
-pass in quick proto tcp from any to any port = ftp-data keep state group 111
-pass in quick proto tcp from any to any port 2999 >< 3100 keep state group 111
-pass in quick proto tcp from any to any port = 80 keep state group 111
-pass in quick proto tcp from any to any port = smtp keep state group 111
-pass in quick proto tcp from any to any port = 110 keep state
-group 111
-#
-## allow NNTP on the gateway
-pass in quick proto tcp from any to any port = nntp keep state group 112
-pass in quick proto tcp from any to any port = nntp keep state group 113
-#
-## X connections
-# 123.45.1.Z:0 (server) <-> A.B.C.D (client)
-pass in quick proto tcp from A.B.C.D port > 1023 to 123.45.1.Z port = 6000 flags S/SA keep state group 100
-#
-## log blocked packets
-## THIS MUST BE THE LAST RULE!
-block in log quick from any to 123.45.1.111/24 group 100
-block in log quick from any to 123.45.2.10 group 100
-===================== $B$3$3$^$G(B ====================
-
-----
-$B$3$NJ8=q$N<h$j07$$$K$D$$$F(B
-Copyright (C) 1999 TOYAMA Sumio <sumio@is.s.u-tokyo.ac.jp>
-                   and YAMAMOTO Hirotaka <ymmt@is.s.u-tokyo.ac.jp>
-
-THIS DOCUMENT IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.
-
-Permission to modify this document and to distribute it is hereby
-granted, as long as above notices and copyright notice are retained.