author | peter <peter@FreeBSD.org> | 1997-11-16 04:52:19 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1997-11-16 04:52:19 +0000 |
commit | 594e73c3109178aa1c5317785aaa284a0c135ff4 (patch) | |
tree | 1abde20e1d717a2bf3509de2189cbe7fa3c9f91e /contrib/ipfilter/mkfilters | |
parent | c4dc16ff2222e864e5ab4d236e0de3a2cb5b54da (diff) | |
Import ipfilter 3.2.1 (update from 3.1.8)
Diffstat (limited to 'contrib/ipfilter/mkfilters')
-rw-r--r-- | contrib/ipfilter/mkfilters | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/contrib/ipfilter/mkfilters b/contrib/ipfilter/mkfilters index 4cd7059..53c9a7f 100644 --- a/contrib/ipfilter/mkfilters +++ b/contrib/ipfilter/mkfilters @@ -46,19 +46,27 @@ print "#\n"; print "block in log quick from any to any with ipopts\n"; print "block in log quick proto tcp from any to any with short\n"; +$grpi = 0; + foreach $i (keys %ifaces) { if (!defined($inet{$i})) { next; } + + $grpi += 100; + $grpo = $grpi + 50; + if ($i !~ /lo/) { - print "block in on $i from 127.0.0.0/8 to any\n"; - print "block out on $i from 127.0.0.0/8 to any\n"; - print "block out on $i from any to 127.0.0.0/8\n"; - print "block in on $i from $inet{$i}/32 to any\n"; - print "block out on $i from any to $inet{$i}/32\n"; + print "pass out on $i all head $grpo\n"; + print "block out from 127.0.0.0/8 to any group $grpo\n"; + print "block out from any to 127.0.0.0/8 group $grpo\n"; + print "block out from any to $inet{$i}/32 group $grpo\n"; + print "pass in on $i all head $grpi\n"; + print "block in from 127.0.0.0/8 to any group $grpi\n"; + print "block in from $inet{$i}/32 to any group $grpi\n"; foreach $j (keys %ifaces) { if ($i ne $j && $j !~ /^lo/ && defined($net{$j})) { - print "block in on $i from $net{$j} to any\n"; + print "block in from $net{$j} to any group $grpi\n"; } } } |
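Review bot: The group numbers come from a counter inside `foreach $i (keys %ifaces)`, so which interface gets 100/150, 200/250 and so on follows Perl's unspecified hash order, and the generated ruleset may differ between runs or Perl versions; `foreach $i (sort keys %ifaces) {` would make the output reproducible and easier to audit. The numbering scheme is undocumented, and a comment above `$grpi += 100;` such as `# per interface: inbound rules use group N*100, outbound rules use group N*100+50` would help. The counter also advances for interfaces that the unanchored `$i !~ /lo/` test then skips, while the inner loop uses the anchored `/^lo/`; an interface whose name merely contains "lo" would get no anti-spoofing rules, so the two tests should probably agree. The outer `foreach` closes outside this hunk.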