diff options
| author | jkoshy <jkoshy@FreeBSD.org> | 1998-09-15 10:49:03 +0000 |
|---|---|---|
| committer | jkoshy <jkoshy@FreeBSD.org> | 1998-09-15 10:49:03 +0000 |
| commit | ed7cc860374c899ac82fe41832afd84295494cc8 (patch) | |
| tree | cbe84db3ab3ab9964a2736ffbce22906901c9e50 /etc | |
| parent | 79200df6729d1afbc24596e05c0bee54a2544616 (diff) | |
| download | FreeBSD-src-ed7cc860374c899ac82fe41832afd84295494cc8.zip FreeBSD-src-ed7cc860374c899ac82fe41832afd84295494cc8.tar.gz | |
Turn off replies to ICMP echo requests for broadcast and multicast
addresses by default.
Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".
Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).
Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/network.subr | 7 | ||||
| -rw-r--r-- | etc/rc.conf | 5 | ||||
| -rw-r--r-- | etc/rc.d/netoptions | 7 | ||||
| -rw-r--r-- | etc/rc.d/network1 | 7 | ||||
| -rw-r--r-- | etc/rc.d/network2 | 7 | ||||
| -rw-r--r-- | etc/rc.d/network3 | 7 | ||||
| -rw-r--r-- | etc/rc.d/routing | 7 | ||||
| -rw-r--r-- | etc/rc.network | 7 |
8 files changed, 46 insertions, 8 deletions
diff --git a/etc/network.subr b/etc/network.subr index 526cf3c..f807a89 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 diff --git a/etc/rc.conf b/etc/rc.conf index 569994d..eba2b4f 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -6,7 +6,7 @@ # # All arguments must be in double or single quotes. # -# $Id: rc.conf,v 1.55 1998/09/04 23:37:24 jkh Exp $ +# $Id: rc.conf,v 1.56 1998/09/06 08:20:11 phk Exp $ ############################################################## ### Important initial Boot-time options ##################### @@ -114,6 +114,9 @@ arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us +### Miscellaneous network options: ### +icmp_bmcastecho="NO" # respond to broadcast ping packets + ############################################################## ### System console options ################################# diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index 526cf3c..f807a89 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index 526cf3c..f807a89 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index 526cf3c..f807a89 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index 526cf3c..f807a89 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 526cf3c..f807a89 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 diff --git a/etc/rc.network b/etc/rc.network index 526cf3c..f807a89 100644 --- a/etc/rc.network +++ b/etc/rc.network @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $ +# $Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -110,6 +110,11 @@ network_pass1() { sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi + if [ X"$icmp_bmcastecho" = X"YES" ]; then + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 + fi + if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 |
