Allow the network addresses and interface names for the "client" and

"workstation" firewall types to be set from rc.conf so that rc.firewall
no longer needs local patching to be usable for those types.  For now
I've set the variables in /etc/defaults/rc.conf to the previous defaults
in /etc/rc.firewall.

PR:		bin/65258
Submitted by:	Valentin Nechayev  netch of netch.kiev.ua
Silence from:	net
MFC after:	2 weeks

1 files changed, 9 insertions, 0 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index e82da9d..07d86f4 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -115,6 +115,15 @@ firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
+firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
+firewall_simple_iif="ed1"	# Inside network interface for "simple"
+				# firewall.
+firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
+				# firewall.
+firewall_simple_oif="ed0"	# Outside network interface for "simple"
+				# firewall.
+firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
+				# firewall.
 firewall_myservices=""		# List of TCP ports on which this host
 				# offers services for "workstation" firewall.
 firewall_allowservices=""	# List of IPs which have access to