92 lines
2.8 KiB
Plaintext
92 lines
2.8 KiB
Plaintext
diff -d -c -r tmp/etc/netstart etc/netstart
|
|
*** tmp/etc/netstart Fri Oct 4 03:33:53 2002
|
|
--- etc/netstart Sun Nov 3 14:36:17 2002
|
|
***************
|
|
*** 181,186 ****
|
|
--- 181,196 ----
|
|
domainname `cat /etc/defaultdomain`
|
|
fi
|
|
|
|
+ # Configure the IP filter before configuring network interfaces
|
|
+ if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
|
|
+ echo 'configuring IP filter'
|
|
+ ipf -Fa -f ${ipfilter_rules}
|
|
+ ipfresync="ipf -y"
|
|
+ else
|
|
+ ipfilter=NO
|
|
+ ipfresync=NO
|
|
+ fi
|
|
+
|
|
# Set the address for the loopback interface.
|
|
# It will also initialize IPv6 address for lo0 (::1 and others).
|
|
ifconfig lo0 inet localhost
|
|
***************
|
|
*** 336,338 ****
|
|
--- 346,361 ----
|
|
|
|
bridgestart $if
|
|
done
|
|
+
|
|
+ # Configure NAT after configuring network interfaces
|
|
+ if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then
|
|
+ echo 'configuring NAT'
|
|
+ ipnat -CF -f ${ipnat_rules}
|
|
+ else
|
|
+ ipnat=NO
|
|
+ fi
|
|
+
|
|
+ # Interfaces have come up so we should do an ipf -y if we're using IP filter.
|
|
+ if [ "${ipfresync}" != "NO" ]; then
|
|
+ ${ipfresync}
|
|
+ fi
|
|
diff -d -c -r tmp/etc/rc etc/rc
|
|
*** tmp/etc/rc Fri Oct 4 03:33:53 2002
|
|
--- etc/rc Sun Nov 3 14:38:35 2002
|
|
***************
|
|
*** 208,213 ****
|
|
--- 208,217 ----
|
|
echo 'starting named'; named $named_flags
|
|
fi
|
|
|
|
+ if [ X"${ipfilter}" = X"YES" -a X"${ipmon_flags}" != X"NO" ]; then
|
|
+ echo 'starting ipmon'; ipmon ${ipmon_flags}
|
|
+ fi
|
|
+
|
|
# $isakmpd_flags is imported from /etc/rc.conf;
|
|
# If $isakmpd_flags == NO or /etc/isakmpd/isakmpd.policy doesn't exist, then
|
|
# isakmpd isn't run.
|
|
diff -d -c -r tmp/etc/rc.conf etc/rc.conf
|
|
*** tmp/etc/rc.conf Fri Oct 4 03:33:53 2002
|
|
--- etc/rc.conf Sun Nov 3 14:36:17 2002
|
|
***************
|
|
*** 54,60 ****
|
|
lockd=NO
|
|
gated=NO
|
|
amd=NO
|
|
! pf=NO # Packet filter / NAT
|
|
portmap=NO # Note: inetd(8) rpc services need portmap too
|
|
inetd=YES # almost always needed
|
|
check_quotas=YES # NO may be desirable in some YP environments
|
|
--- 54,62 ----
|
|
lockd=NO
|
|
gated=NO
|
|
amd=NO
|
|
! ipfilter=NO # To enable ipfilter, set to YES
|
|
! ipnat=NO # for "YES", ipfilter must also be "YES"
|
|
! pf=NO # Enable pf(4) Packet filter / NAT
|
|
portmap=NO # Note: inetd(8) rpc services need portmap too
|
|
inetd=YES # almost always needed
|
|
check_quotas=YES # NO may be desirable in some YP environments
|
|
***************
|
|
*** 78,83 ****
|
|
--- 80,88 ----
|
|
nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
|
|
amd_dir=/tmp_mnt # AMD's mount directory
|
|
amd_master=/etc/amd/master # AMD 'master' map
|
|
+ ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering with IP Filter
|
|
+ ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation
|
|
+ ipmon_flags=-Ds # To disable logging, use ipmon_flags=NO
|
|
syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
|
|
named_user=named # Named should not run as root unless necessary
|
|
named_chroot=/var/named # Where to chroot named if not empty
|