9c1da17e90
derive IP address(es) from the interface (e.g "... from any to fxp0"). This however, creates window for possible attacks from the network. Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD. No objections on: tech-security
21 lines
336 B
Makefile
21 lines
336 B
Makefile
# $NetBSD: Makefile,v 1.7 2005/08/23 12:12:56 peter Exp $
|
|
|
|
.include <bsd.own.mk>
|
|
|
|
SUBDIR= authpf
|
|
SUBDIR+= ftp-proxy
|
|
SUBDIR+= pfctl
|
|
SUBDIR+= pflogd
|
|
|
|
SUBDIR+= man
|
|
|
|
.if (${MKSHARE} != "no")
|
|
SUBDIR+= examples
|
|
.endif
|
|
|
|
configinstall:
|
|
${MAKEDIRTARGET} etc configinstall
|
|
${MAKEDIRTARGET} etc/defaults configinstall
|
|
|
|
.include <bsd.subdir.mk>
|