From 1ceef06f4152c24e9d98521d5986288ad9a91529 Mon Sep 17 00:00:00 2001
From: phk
Date: Wed, 15 Apr 1998 16:41:14 +0000
Subject: Better RFC1918 network protection

PR: 6278
Reviewed by: phk
Submitted by: Ruslan Ermilov
---
 etc/rc.firewall | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'etc')

diff --git a/etc/rc.firewall b/etc/rc.firewall
index f834e47..444572f 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -1,6 +1,6 @@
 ############
 # Setup system for firewall service.
-# $Id: rc.firewall,v 1.15 1997/10/21 00:54:08 danny Exp $
+# $Id: rc.firewall,v 1.16 1998/02/10 01:45:47 adam Exp $

 if [ -f /etc/rc.conf ]; then
 . /etc/rc.conf
@@ -140,8 +140,11 @@ elif [ "${firewall_type}" = "simple" ]; then

 # Stop RFC1918 nets on the outside interface
 $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
+ $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
 $fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
+ $fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
 $fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
+ $fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}

 # Allow TCP through if setup succeeded
 $fwcmd add pass tcp from any to any established
--
cgit v1.1
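Review bot: The three added `from any to <RFC1918 net> via ${oif}` rules in the second hunk carry no direction keyword, so they match packets both entering and leaving the outside interface, yet the comment above them still reads `# Stop RFC1918 nets on the outside interface` and does not say that destinations are now filtered as well as sources. I would reword it to something like `# Drop packets with an RFC1918 source or destination, in either direction, on the outside interface`, and add a caveat that the block must be adjusted when the outside network itself is numbered from private space, since these rules would then drop all traffic on `${oif}`. The rules are also silent: a plain `deny` leaves no record of spoofed or leaking private-address traffic, whereas `$fwcmd add deny log all from any to 10.0.0.0:255.0.0.0 via ${oif}` (and likewise for the other two nets) would make it visible where kernel firewall logging is enabled. The `simple` branch starts and ends outside the hunk, so the position of these rules relative to the rest of the rule set cannot be checked from here.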