author | sheldonh <sheldonh@FreeBSD.org> | 1999-08-25 16:01:45 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 1999-08-25 16:01:45 +0000 |
commit | 8cec588c449f00982159304c76482d87d5194f0d (patch) | |
tree | c5b950c555128460f4c0f03bc9b54c807a922506 /etc/rc.firewall | |
parent | de5fc0125907bb6de177202bfa1b843589e80011 (diff) | |
Style clean-up:
* All variables are now embraced: ${foo}
* All comparisons against some value now take the form:
[ "${foo}" ? "value" ]
where ? is a comparison operator
* All empty string tests now take the form:
[ -z "${foo}" ]
* All non-empty string tests now take the form:
[ -n "${foo}" ]
Submitted by: jkh
Diffstat (limited to 'etc/rc.firewall')
-rw-r--r-- | etc/rc.firewall | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall index f8feb98..675e262 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -1,6 +1,6 @@ ############ # Setup system for firewall service. -# $Id: rc.firewall,v 1.19 1998/04/25 00:40:55 alex Exp $ +# $Id: rc.firewall,v 1.20 1999/02/10 18:08:16 jkh Exp $ # Suck in the configuration variables. if [ -f /etc/defaults/rc.conf ]; then @@ -44,13 +44,13 @@ fi # http://www.awl.com/ # -if [ "x$1" != "x" ]; then +if [ -n "$1" ]; then firewall_type=$1 fi ############ # Set quiet mode if requested -if [ "x$firewall_quiet" = "xYES" ]; then +if [ "${firewall_quiet}" = "YES" ]; then fwcmd="/sbin/ipfw -q" else fwcmd="/sbin/ipfw" @@ -58,15 +58,15 @@ fi ############ # Flush out the list before we begin. -$fwcmd -f flush +${fwcmd} -f flush ############ # These rules are required for using natd. All packets are passed to # natd before they encounter your remaining rules. The firewall rules # will then be run again on each packet after translation by natd, # minus any divert rules (see natd(8)). -if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then - $fwcmd add divert natd all from any to any via ${natd_interface} +if [ "${natd_enable}" = "YES" -a "${natd_interface}" != "X" ]; then + ${fwcmd} add divert natd all from any to any via ${natd_interface} fi ############ 
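Review bot: In the natd test of the `@@ -58,15` hunk the empty-string check was mistranslated: `"X${natd_interface}" != X""` became `"${natd_interface}" != "X"`, which is true when the interface is empty or unset. With `natd_enable=YES` and no interface configured, the script would then issue the divert rule with nothing after `via`; how ipfw handles that is not visible here, but it is not the guarded behaviour the old line had. Following the convention stated in the commit message, the line should read `if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then`.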
@@ -75,18 +75,18 @@ fi # they you will want to change the default policy to open. You can also # do this as your only action by setting the firewall_type to ``open''. -# $fwcmd add 65000 pass all from any to any +# ${fwcmd} add 65000 pass all from any to any ############ # Only in rare cases do you want to change these rules -$fwcmd add 100 pass all from any to any via lo0 -$fwcmd add 200 deny all from any to 127.0.0.0/8 +${fwcmd} add 100 pass all from any to any via lo0 +${fwcmd} add 200 deny all from any to 127.0.0.0/8 # Prototype setups. if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then - $fwcmd add 65000 pass all from any to any + ${fwcmd} add 65000 pass all from any to any elif [ "${firewall_type}" = "client" ]; then 
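Review bot: Rule 200 in this hunk drops packets addressed to 127.0.0.0/8, but nothing drops packets that arrive on a non-loopback interface claiming a 127.0.0.0/8 source address. Rule 100 has already passed genuine loopback traffic via lo0, so a companion rule can follow it safely: `${fwcmd} add 300 deny all from 127.0.0.0/8 to any`. This matters most for the `open` type, where rule 65000 would otherwise pass such packets. The `if`/`elif` chain continues past the end of the hunk.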
@@ -101,28 +101,28 @@ elif [ "${firewall_type}" = "client" ]; then ip="192.168.4.17" # Allow any traffic to or from my own net. - $fwcmd add pass all from ${ip} to ${net}:${mask} - $fwcmd add pass all from ${net}:${mask} to ${ip} + ${fwcmd} add pass all from ${ip} to ${net}:${mask} + ${fwcmd} add pass all from ${net}:${mask} to ${ip} # Allow TCP through if setup succeeded - $fwcmd add pass tcp from any to any established + ${fwcmd} add pass tcp from any to any established # Allow setup of incoming email - $fwcmd add pass tcp from any to ${ip} 25 setup + ${fwcmd} add pass tcp from any to ${ip} 25 setup # Allow setup of outgoing TCP connections only - $fwcmd add pass tcp from ${ip} to any setup + ${fwcmd} add pass tcp from ${ip} to any setup # Disallow setup of all other TCP connections - $fwcmd add deny tcp from any to any setup + ${fwcmd} add deny tcp from any to any setup # Allow DNS queries out in the world - $fwcmd add pass udp from any 53 to ${ip} - $fwcmd add pass udp from ${ip} to any 53 + ${fwcmd} add pass udp from any 53 to ${ip} + ${fwcmd} add pass udp from ${ip} to any 53 # Allow NTP queries out in the world - $fwcmd add pass udp from any 123 to ${ip} - $fwcmd add pass udp from ${ip} to any 123 + ${fwcmd} add pass udp from any 123 to ${ip} + ${fwcmd} add pass udp from ${ip} to any 123 # Everything else is denied as default. 
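Review bot: The reply rules for DNS and NTP in the client ruleset, `pass udp from any 53 to ${ip}` and `pass udp from any 123 to ${ip}`, match only on the remote source port, so any UDP datagram sent from port 53 or 123 is admitted to every UDP port on `${ip}`. The same pair appears for `${oip}` in the `simple` ruleset in the `@@ -147,45` hunk. If the rules cannot be made stateful here, the exposure should at least be documented above each pair, e.g. `# NOTE: stateless; admits any UDP from source port 53/123 to all local ports`, or the rules narrowed to the known resolver and time-server addresses. The client block begins before this hunk.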
@@ -147,45 +147,45 @@ elif [ "${firewall_type}" = "simple" ]; then iip="192.168.3.17" # Stop spoofing - $fwcmd add deny all from ${inet}:${imask} to any in via ${oif} - $fwcmd add deny all from ${onet}:${omask} to any in via ${iif} + ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif} + ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} # Stop RFC1918 nets on the outside interface - $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif} - $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif} - $fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif} - $fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif} - $fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} - $fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif} + ${fwcmd} add deny all from 192.168.0.0:255.255.0.0 to any via ${oif} + ${fwcmd} add deny all from any to 192.168.0.0:255.255.0.0 via ${oif} + ${fwcmd} add deny all from 172.16.0.0:255.240.0.0 to any via ${oif} + ${fwcmd} add deny all from any to 172.16.0.0:255.240.0.0 via ${oif} + ${fwcmd} add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} + ${fwcmd} add deny all from any to 10.0.0.0:255.0.0.0 via ${oif} # Allow TCP through if setup succeeded - $fwcmd add pass tcp from any to any established + ${fwcmd} add pass tcp from any to any established # Allow setup of incoming email - $fwcmd add pass tcp from any to ${oip} 25 setup + ${fwcmd} add pass tcp from any to ${oip} 25 setup # Allow access to our DNS - $fwcmd add pass tcp from any to ${oip} 53 setup + ${fwcmd} add pass tcp from any to ${oip} 53 setup # Allow access to our WWW - $fwcmd add pass tcp from any to ${oip} 80 setup + ${fwcmd} add pass tcp from any to ${oip} 80 setup # Reject&Log all setup of incoming connections from the outside - $fwcmd add deny log tcp from any to any in via ${oif} setup + ${fwcmd} add deny log tcp from any to any in via ${oif} setup # Allow setup of any other TCP connection - $fwcmd 
add pass tcp from any to any setup + ${fwcmd} add pass tcp from any to any setup # Allow DNS queries out in the world - $fwcmd add pass udp from any 53 to ${oip} - $fwcmd add pass udp from ${oip} to any 53 + ${fwcmd} add pass udp from any 53 to ${oip} + ${fwcmd} add pass udp from ${oip} to any 53 # Allow NTP queries out in the world - $fwcmd add pass udp from any 123 to ${oip} - $fwcmd add pass udp from ${oip} to any 123 + ${fwcmd} add pass udp from any 123 to ${oip} + ${fwcmd} add pass udp from ${oip} to any 123 # Everything else is denied as default. elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then - $fwcmd ${firewall_type} + ${fwcmd} ${firewall_type} fi |
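Review bot: In the final branch the test quotes the path (`-r "${firewall_type}"`) but the command does not, so a rules-file path containing whitespace or glob characters passes the readability check and is then split or expanded before it reaches ipfw. `${fwcmd}` has to stay unquoted because it may hold `/sbin/ipfw -q`, but the argument can be quoted: `${fwcmd} "${firewall_type}"`. The value can come from `$1` (see the `@@ -44,13` hunk), so a comment stating that it names a file of ipfw rules loaded by this script would also help. The `elif` chain starts outside this hunk.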