author | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
commit | 672af8808c0e7c15f330b401482f9271c2eb3fa6 (patch) | |
tree | 225b5acf68c01bc6a260b386c2b2dbf4fa2839e3 /contrib/ipfilter/mkfilters | |
parent | 71e82d94e82560b20789833f60056506de34de8b (diff) | |
As per the developers handbook (5.3.1 step 1), prepare the vendor trees for
import of new ipfilter vendor sources by flattening them.
To keep the tags consistent with dist, the tags are also flattened.
Approved by: glebius (Mentor)
Diffstat (limited to 'contrib/ipfilter/mkfilters')
-rw-r--r-- | contrib/ipfilter/mkfilters | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/contrib/ipfilter/mkfilters b/contrib/ipfilter/mkfilters
deleted file mode 100644
index f0e6ff4..0000000
--- a/contrib/ipfilter/mkfilters
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/local/bin/perl
-# for best results, bring up all your interfaces before running this
-
-if ($^O =~ m/^irix/i)
-{
- &irix_mkfilters || regular_mkfilters || die $!;
-}
-else
-{
- ®ular_mkfilters || irix_mkfilters || die $!;
-}
-
-foreach $i (keys %ifaces) {
- $net{$i} = $inet{$i}."/".$netmask{$i} if (defined($inet{$i}));
-}
-#
-# print out route suggestions
-#
-print "#\n";
-print "# The following routes should be configured, if not already:\n";
-print "#\n";
-foreach $i (keys %ifaces) {
- next if (($i =~ /lo/) || !defined($net{$i}) || defined($ppp{$i}));
- print "# route add $inet{$i} localhost 0\n";
-}
-print "#\n";
-
-#
-# print out some generic filters which people should use somewhere near the top
-#
-print "block in log quick from any to any with ipopts\n";
-print "block in log quick proto tcp from any to any with short\n";
-
-$grpi = 0;
-
-foreach $i (keys %ifaces) {
- if (!defined($inet{$i})) {
- next;
- }
-
- $grpi += 100;
- $grpo = $grpi + 50;
-
- if ($i !~ /lo/) {
- print "pass out on $i all head $grpo\n";
- print "block out from 127.0.0.0/8 to any group $grpo\n";
- print "block out from any to 127.0.0.0/8 group $grpo\n";
- print "block out from any to $inet{$i}/32 group $grpo\n";
- print "pass in on $i all head $grpi\n";
- print "block in from 127.0.0.0/8 to any group $grpi\n";
- print "block in from $inet{$i}/32 to any group $grpi\n";
- foreach $j (keys %ifaces) {
- if ($i ne $j && $j !~ /^lo/ && defined($net{$j})) {
- print "block in from $net{$j} to any group $grpi\n";
- }
- }
- }
-}
-
-sub irix_mkfilters
-{
- open(NETSTAT, "/usr/etc/netstat -i|") || return 0;
-
- while (defined($line = <NETSTAT>))
- {
- if ($line =~ m/^Name/)
- {
- next;
- }
- elsif ($line =~ m/^(\S+)/)
- {
- open(I, "/usr/etc/ifconfig $1|") || return 0;
- &scan_ifconfig;
- close I; # being neat... - Allen
- }
- }
- close NETSTAT; # again, being neat... - Allen
- return 1;
-}
-
-sub regular_mkfilters
-{
- open(I, "ifconfig -a|") || return 0;
- &scan_ifconfig;
- close I; # being neat... - Allen
- return 1;
-}
-
-sub scan_ifconfig
-{
- while (<I>) {
- chop;
- if (/^[a-zA-Z]+\d+:/) {
- ($iface = $_) =~ s/^([a-zA-Z]+\d+).*/$1/;
- $ifaces{$iface} = $iface;
- next;
- }
- if (/inet/) {
- if (/\-\-\>/) { # PPP, (SLIP?)
- ($inet{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$1/;
- ($ppp{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$2/;
- } else {
- ($inet{$iface} = $_) =~ s/.*inet ([^ ]+).*/$1/;
- }
- }
- if (/netmask/) {
- ($mask = $_) =~ s/.*netmask ([^ ]+).*/$1/;
- $mask =~ s/^/0x/ if ($mask =~ /^[0-9a-f]*$/);
- $netmask{$iface} = $mask;
- }
- if (/broadcast/) {
- ($bcast{$iface} = $_) =~ s/.*broadcast ([^ ]+).*/$1/;
- }
- }
-}
- |