diff options
| author | ume <ume@FreeBSD.org> | 2009-12-02 15:05:26 +0000 |
|---|---|---|
| committer | ume <ume@FreeBSD.org> | 2009-12-02 15:05:26 +0000 |
| commit | ba7665678f35b37968e0734f1086fc8fe7143340 (patch) | |
| tree | d274f4a3f20bd30ff98ae13a63f13accbcd8cba4 /etc/defaults | |
| parent | b26098335ad13f28d7c5848b7616741f750e786e (diff) | |
| download | FreeBSD-src-ba7665678f35b37968e0734f1086fc8fe7143340.zip FreeBSD-src-ba7665678f35b37968e0734f1086fc8fe7143340.tar.gz | |
Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6
and rc.d/ip6fw.
Reviewed by: dougb, jhb
MFC after: 1 month
Diffstat (limited to 'etc/defaults')
| -rw-r--r-- | etc/defaults/rc.conf | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index c094303..19a9a39 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -118,7 +118,10 @@ firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file -firewall_client_net="192.0.2.0/24" # Network address for "client" firewall. +firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client" + # firewall. +#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for + # "client" firewall. firewall_simple_iif="ed1" # Inside network interface for "simple" # firewall. firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple" @@ -127,12 +130,22 @@ firewall_simple_oif="ed0" # Outside network interface for "simple" # firewall. firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple" # firewall. +#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple" + # firewall. +#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix + # for "simple" firewall. +#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple" + # firewall. +#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix + # for "simple" firewall. firewall_myservices="" # List of TCP ports on which this host # offers services for "workstation" firewall. firewall_allowservices="" # List of IPs which have access to # $firewall_myservices for "workstation" # firewall. -firewall_trusted="" # List of IPs which have full access to this +firewall_trusted="" # List of IPv4s which have full access to this + # host for "workstation" firewall. +firewall_trusted_ipv6="" # List of IPv6s which have full access to this # host for "workstation" firewall. firewall_logdeny="NO" # Set to YES to log default denied incoming # packets for "workstation" firewall. @@ -472,13 +485,6 @@ ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH # faithd(8) setup. ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr # communication. (like ::ffff:a.b.c.d) -ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall - # functionality -ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall -ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6) -ipv6_firewall_quiet="NO" # Set to YES to suppress rule display -ipv6_firewall_logging="NO" # Set to YES to enable events logging -ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, # see /usr/src/contrib/ipfilter/rules # for examples |
