Diffstat (limited to 'contrib/ipfilter/mkfilters')
-rw-r--r--contrib/ipfilter/mkfilters116
1 files changed, 0 insertions, 116 deletions
diff --git a/contrib/ipfilter/mkfilters b/contrib/ipfilter/mkfilters
deleted file mode 100644
index f0e6ff4..0000000
--- a/contrib/ipfilter/mkfilters
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/local/bin/perl
-# for best results, bring up all your interfaces before running this
-
-if ($^O =~ m/^irix/i)
-{
- &irix_mkfilters || regular_mkfilters || die $!;
-}
-else
-{
- &regular_mkfilters || irix_mkfilters || die $!;
-}
-
-foreach $i (keys %ifaces) {
- $net{$i} = $inet{$i}."/".$netmask{$i} if (defined($inet{$i}));
-}
-#
-# print out route suggestions
-#
-print "#\n";
-print "# The following routes should be configured, if not already:\n";
-print "#\n";
-foreach $i (keys %ifaces) {
- next if (($i =~ /lo/) || !defined($net{$i}) || defined($ppp{$i}));
- print "# route add $inet{$i} localhost 0\n";
-}
-print "#\n";
-
-#
-# print out some generic filters which people should use somewhere near the top
-#
-print "block in log quick from any to any with ipopts\n";
-print "block in log quick proto tcp from any to any with short\n";
-
-$grpi = 0;
-
-foreach $i (keys %ifaces) {
- if (!defined($inet{$i})) {
- next;
- }
-
- $grpi += 100;
- $grpo = $grpi + 50;
-
- if ($i !~ /lo/) {
- print "pass out on $i all head $grpo\n";
- print "block out from 127.0.0.0/8 to any group $grpo\n";
- print "block out from any to 127.0.0.0/8 group $grpo\n";
- print "block out from any to $inet{$i}/32 group $grpo\n";
- print "pass in on $i all head $grpi\n";
- print "block in from 127.0.0.0/8 to any group $grpi\n";
- print "block in from $inet{$i}/32 to any group $grpi\n";
- foreach $j (keys %ifaces) {
- if ($i ne $j && $j !~ /^lo/ && defined($net{$j})) {
- print "block in from $net{$j} to any group $grpi\n";
- }
- }
- }
-}
-
-sub irix_mkfilters
-{
- open(NETSTAT, "/usr/etc/netstat -i|") || return 0;
-
- while (defined($line = <NETSTAT>))
- {
- if ($line =~ m/^Name/)
- {
- next;
- }
- elsif ($line =~ m/^(\S+)/)
- {
- open(I, "/usr/etc/ifconfig $1|") || return 0;
- &scan_ifconfig;
- close I; # being neat... - Allen
- }
- }
- close NETSTAT; # again, being neat... - Allen
- return 1;
-}
-
-sub regular_mkfilters
-{
- open(I, "ifconfig -a|") || return 0;
- &scan_ifconfig;
- close I; # being neat... - Allen
- return 1;
-}
-
-sub scan_ifconfig
-{
- while (<I>) {
- chop;
- if (/^[a-zA-Z]+\d+:/) {
- ($iface = $_) =~ s/^([a-zA-Z]+\d+).*/$1/;
- $ifaces{$iface} = $iface;
- next;
- }
- if (/inet/) {
- if (/\-\-\>/) { # PPP, (SLIP?)
- ($inet{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$1/;
- ($ppp{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$2/;
- } else {
- ($inet{$iface} = $_) =~ s/.*inet ([^ ]+).*/$1/;
- }
- }
- if (/netmask/) {
- ($mask = $_) =~ s/.*netmask ([^ ]+).*/$1/;
- $mask =~ s/^/0x/ if ($mask =~ /^[0-9a-f]*$/);
- $netmask{$iface} = $mask;
- }
- if (/broadcast/) {
- ($bcast{$iface} = $_) =~ s/.*broadcast ([^ ]+).*/$1/;
- }
- }
-}
-