authorphk <phk@FreeBSD.org>2006-10-28 20:08:12 +0000
committerphk <phk@FreeBSD.org>2006-10-28 20:08:12 +0000
commit417527cc24aab508dd12868c6cfc59d73475e86c (patch)
treeaf35d416fa1b834fff4de2f8c4805e176b82c9d8 /etc/defaults
parentb944aa0079dcd240d119399fa424b4eef66a3019 (diff)
Give rc.firewall a polish and a new method.
Factor out the loopback setup. Use "me" instead of hardcoded $ip where possible. Add "workstation" which protects just this machine with stateful firewalling. Put the variables for this in rc.conf. Submitted by: Flemming Jacobsen <fj@batmule.dk> Reviewed by: cperciva
Diffstat (limited to 'etc/defaults')
-rw-r--r--etc/defaults/rc.conf10
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index f75171a..10f37df 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -104,6 +104,16 @@ firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
+firewall_myservices="" # List of TCP ports on which this host
+ # offers services
+firewall_allowservices="" # List of IPs which has access to
+ # $firewall_myservices
+firewall_trusted="" # List of IPs which has full access to this host
+firewall_logdeny="NO" # Set to YES to log default denied incoming
+ # packets.
+firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
+ # for which denied incoming packets are not
+ # logged.
ip_portrange_first="NO" # Set first dynamically allocated port
ip_portrange_last="NO" # Set last dynamically allocated port
ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd)
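Review bot: The comments on the five added variables (`firewall_myservices` through `firewall_nologports`) do not say that they apply only to the new "workstation" firewall type, which is what the commit description implies. An administrator who sets `firewall_trusted` or `firewall_logdeny="YES"` under a different `firewall_type` would, if that reading is right, get no change in filtering or logging and no hint why. A lead-in comment such as `# The following are used only when firewall_type="workstation"` would cover it, once confirmed against rc.firewall, which is not part of this diff. The `firewall_nologports` default mixes commas and spaces without the comment explaining the format. Its comment could also state that denied traffic to the listed ports never reaches the log even with logging enabled, so anyone relying on the deny log for detection knows about the gap.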