PERFORCE change 97190 for review
soc-bushman
soc-bushman at FreeBSD.org
Mon May 15 12:36:03 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=97190
Change 97190 by soc-bushman at soc-bushman_stinger on 2006/05/15 12:35:02
revisions integrated
Affected files ...
.. //depot/projects/soc2005/nsswitch_cached/src/etc/Makefile#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/cached.conf#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/defaults/periodic.conf#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/defaults/rc.conf#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/etc.sparc64/ttys#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/mtree/BSD.root.dist#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/nsswitch.conf#1 branch
.. //depot/projects/soc2005/nsswitch_cached/src/etc/periodic/security/600.ip6fwdenied#2 delete
.. //depot/projects/soc2005/nsswitch_cached/src/etc/periodic/security/650.ip6fwlimit#2 delete
.. //depot/projects/soc2005/nsswitch_cached/src/etc/periodic/security/Makefile#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/Makefile#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/cached#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/ip6fw#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/jail#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/nsswitch#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/etc/rc.firewall6#2 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/include/netdb.h#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/include/nsswitch.h#10 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/include/resolv.h#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/include/rpc/rpcent.h#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/Makefile#7 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/gen/getgrent.c#10 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/gen/getpwent.c#13 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/gen/syslog.c#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/i386/sys/i386_set_watch.3#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/include/nscache.h#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/include/nscachedcli.h#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/Makefile.inc#9 edit
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/getaddrinfo.c#14 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/gethostbydns.c#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/gethostbyht.c#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/gethostbyname.3#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/gethostbynis.c#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/gethostnamadr.c#12 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/getnetnamadr.c#5 edit
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/getproto.c#7 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/getprotoent.c#12 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/getprotoname.c#7 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/getservent.c#22 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/name6.c#12 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/netdb_private.h#11 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/nscache.c#11 edit
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/nscachedcli.c#12 edit
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/nsdispatch.c#18 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/net/nsparser.y#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/rpc/getrpcent.c#12 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/stdlib/malloc.c#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/Makefile#9 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/bluetooth/sdpd/server.c#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/Makefile#9 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agent.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agent.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/Makefile.inc#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/group.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/group.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/passwd.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/passwd.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/services.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/agents/services.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cached.8#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cached.c#4 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cached.conf#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cached.conf.5#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cachedcli.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cachedcli.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cachelib.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cachelib.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cacheplcs.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/cacheplcs.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/config.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/config.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/debug.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/debug.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/hashtable.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/log.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/log.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/mp_rs_query.c#4 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/mp_rs_query.h#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/mp_ws_query.c#4 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/mp_ws_query.h#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/parser.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/parser.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/protocol.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/protocol.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/query.c#4 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/query.h#3 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/singletons.c#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/cached/singletons.h#2 edit
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/alias.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/controller.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/curses.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/dial.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/exec.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/fsm.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/holiday.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/isdnd.h#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/log.c#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/main.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/monitor.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/msghdl.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/process.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/rates.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/rc_config.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/support.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdnd/timer.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/i4b/isdntest/main.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/jail/jail.8#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/jail/jail.c#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/mergemaster/mergemaster.8#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/mergemaster/mergemaster.sh#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/mount_nwfs/mount_nwfs.c#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/mountd/mountd.8#3 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/portsnap/phttpget/phttpget.c#6 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/portsnap/portsnap/portsnap.8#5 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/portsnap/portsnap/portsnap.sh#7 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/sysinstall/installUpgrade.c#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/sysinstall/sysinstall.8#4 integrate
.. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/sysinstall/sysinstall.h#6 integrate
Differences ...
==== //depot/projects/soc2005/nsswitch_cached/src/etc/Makefile#4 (text+ko) ====
@@ -1,5 +1,5 @@
# from: @(#)Makefile 5.11 (Berkeley) 5/21/91
-# $FreeBSD: src/etc/Makefile,v 1.354 2006/03/17 18:54:20 ru Exp $
+# $FreeBSD: src/etc/Makefile,v 1.356 2006/05/03 15:14:46 ume Exp $
.include <bsd.own.mk>
@@ -11,8 +11,8 @@
crontab csh.cshrc csh.login csh.logout devd.conf devfs.conf \
dhclient.conf disktab fbtab ftpusers gettytab group \
hosts hosts.allow hosts.equiv hosts.lpd \
- inetd.conf login.access login.conf \
- mac.conf motd netconfig network.subr networks newsyslog.conf \
+ inetd.conf login.access login.conf mac.conf motd \
+ netconfig network.subr networks newsyslog.conf nsswitch.conf \
portsnap.conf pf.conf pf.os phones profile protocols \
rc rc.bsdextended rc.firewall rc.firewall6 rc.initdiskless \
rc.sendmail rc.shutdown \
@@ -35,7 +35,7 @@
BIN1+= printcap
.endif
-.if !defined(NO_NS_CACHING)
+.if ${MK_NS_CACHING} != "no"
BIN1+= cached.conf
.endif
==== //depot/projects/soc2005/nsswitch_cached/src/etc/cached.conf#2 (text+ko) ====
==== //depot/projects/soc2005/nsswitch_cached/src/etc/defaults/periodic.conf#2 (text+ko) ====
@@ -13,7 +13,7 @@
# For a more detailed explanation of all the periodic.conf variables, please
# refer to the periodic.conf(5) manual page.
#
-# $FreeBSD: src/etc/defaults/periodic.conf,v 1.37 2006/03/02 14:46:00 brueffer Exp $
+# $FreeBSD: src/etc/defaults/periodic.conf,v 1.38 2006/05/12 19:17:33 mlaier Exp $
#
# What files override these defaults ?
@@ -171,15 +171,9 @@
# 550.ipfwlimit
daily_status_security_ipfwlimit_enable="YES"
-# 600.ip6fwdenied
-daily_status_security_ip6fwdenied_enable="YES"
-
# 610.ipf6denied
daily_status_security_ipf6denied_enable="YES"
-# 650.ip6fwlimit
-daily_status_security_ip6fwlimit_enable="YES"
-
# 700.kernelmsg
daily_status_security_kernelmsg_enable="YES"
==== //depot/projects/soc2005/nsswitch_cached/src/etc/defaults/rc.conf#5 (text+ko) ====
@@ -15,7 +15,7 @@
# For a more detailed explanation of all the rc.conf variables, please
# refer to the rc.conf(5) manual page.
#
-# $FreeBSD: src/etc/defaults/rc.conf,v 1.281 2006/04/18 15:02:24 flz Exp $
+# $FreeBSD: src/etc/defaults/rc.conf,v 1.283 2006/05/11 14:23:43 flz Exp $
##############################################################
### Important initial Boot-time options ####################
@@ -472,7 +472,7 @@
auditd_enable="NO" # Run the audit daemon.
auditd_flags="" # Which options to pass to the audit daemon.
-cached_enable="NO" # Run the nsswitch caching daemon
+cached_enable="NO" # Run the nsswitch caching daemon.
cron_enable="YES" # Run the periodic job daemon.
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
@@ -555,11 +555,15 @@
#
# To use rc's built-in jail infrastructure create entries for
# each jail, specified in jail_list, with the following variables.
-# NOTE: replace 'example' with the jail's name.
+# NOTES:
+# - replace 'example' with the jail's name.
+# - except rootdir, hostname and ip, all of the following variables may be made
+# global jail variables if you don't specify a jail name (ie. jail_interface).
#
#jail_example_rootdir="/usr/jail/default" # Jail's root directory
#jail_example_hostname="default.domain.com" # Jail's hostname
#jail_example_ip="192.168.0.10" # Jail's IP number
+#jail_example_interface="" # Interface to create the IP alias on
#jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting
#jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping
#jail_example_devfs_enable="NO" # mount devfs in the jail
==== //depot/projects/soc2005/nsswitch_cached/src/etc/etc.sparc64/ttys#2 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $FreeBSD: src/etc/etc.sparc64/ttys,v 1.12 2006/02/04 23:30:09 marius Exp $
+# $FreeBSD: src/etc/etc.sparc64/ttys,v 1.13 2006/04/25 19:43:53 marius Exp $
# @(#)ttys 5.1 (Berkeley) 4/17/89
#
# This file specifies various information about terminals on the system.
@@ -35,9 +35,6 @@
screen "/usr/libexec/getty Pc" vt100 off secure
ttya "/usr/libexec/getty 3wire.9600" vt100 off secure
ttyb "/usr/libexec/getty 3wire.9600" vt100 off secure
-# sab(4)
-ttyz0 "/usr/libexec/getty 3wire.9600" vt100 off secure
-ttyz1 "/usr/libexec/getty 3wire.9600" vt100 off secure
# syscons(4)
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
# Virtual terminals
==== //depot/projects/soc2005/nsswitch_cached/src/etc/mtree/BSD.root.dist#2 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/etc/mtree/BSD.root.dist,v 1.76 2005/12/29 14:40:19 dfr Exp $
+# $FreeBSD: src/etc/mtree/BSD.root.dist,v 1.77 2006/05/10 18:53:15 marcus Exp $
#
# Please see the file src/etc/mtree/README before making changes to this file.
#
@@ -69,6 +69,8 @@
..
libexec
..
+ media
+ ..
mnt
..
proc mode=0555
==== //depot/projects/soc2005/nsswitch_cached/src/etc/periodic/security/Makefile#2 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/etc/periodic/security/Makefile,v 1.4 2004/11/24 18:41:53 mlaier Exp $
+# $FreeBSD: src/etc/periodic/security/Makefile,v 1.5 2006/05/12 19:17:34 mlaier Exp $
FILES= 100.chksetuid \
200.chkmounts \
@@ -8,8 +8,6 @@
510.ipfdenied \
520.pfdenied \
550.ipfwlimit \
- 600.ip6fwdenied \
- 650.ip6fwlimit \
700.kernelmsg \
800.loginfail \
900.tcpwrap \
==== //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/Makefile#4 (text+ko) ====
@@ -1,5 +1,5 @@
# $NetBSD: Makefile,v 1.16 2001/01/14 15:37:22 minoura Exp $
-# $FreeBSD: src/etc/rc.d/Makefile,v 1.69 2006/03/28 18:28:33 simon Exp $
+# $FreeBSD: src/etc/rc.d/Makefile,v 1.70 2006/04/28 12:03:33 ume Exp $
.include <bsd.own.mk>
@@ -46,7 +46,7 @@
FILES+= sshd
.endif
-.if !defined(NO_NS_CACHING)
+.if ${MK_NS_CACHING} != "no"
FILES+= cached
.endif
==== //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/cached#3 (text+ko) ====
==== //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/ip6fw#2 (text+ko) ====
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: src/etc/rc.d/ip6fw,v 1.6 2004/10/07 13:55:26 mtm Exp $
+# $FreeBSD: src/etc/rc.d/ip6fw,v 1.7 2006/05/12 19:17:34 mlaier Exp $
#
# PROVIDE: ip6fw
@@ -20,7 +20,7 @@
{
# Load IPv6 firewall module, if not already loaded
if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then
- kldload ip6fw && {
+ kldload ipfw && {
debug 'Kernel IPv6 firewall module loaded.'
return 0
}
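Review bot: Loading `ipfw` instead of `ip6fw` means that enabling only the IPv6 firewall now brings in a module whose default rule, as the comparison later in this script shows, is `65535 deny ip from any to any`, which presumably matches IPv4 traffic as well. A host that turns on the IPv6 firewall without configuring the IPv4 one could lose IPv4 connectivity when this runs, so the `kldload ipfw` line deserves a comment such as `# NOTE: ipfw filters IPv4 too; its default rule applies to all traffic once loaded`. The debug text 'Kernel IPv6 firewall module loaded.' is now misleading for the same reason. The enclosing function starts and ends outside the hunk.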
@@ -41,7 +41,7 @@
if [ -r "${ipv6_firewall_script}" ]; then
. "${ipv6_firewall_script}"
echo 'IPv6 Firewall rules loaded.'
- elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then
+ elif [ "`ipfw show 65535`" = "65535 deny ip from any to any" ]; then
warn 'IPv6 firewall rules have not been loaded. Default' \
' to DENY all access.'
fi
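Review bot: The comparison with `"65535 deny ip from any to any"` is unlikely to ever match the output of `ipfw show 65535`, because `show` prints packet and byte counters between the rule number and the action. The "Default to DENY all access" warning would then never be emitted, and an administrator with no rules loaded gets no hint why traffic is dropped. Use the counter-less listing instead, i.e. `ipfw list 65535` in place of `ipfw show 65535`. The surrounding `if` begins outside the hunk.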
@@ -50,7 +50,7 @@
#
if checkyesno ipv6_firewall_logging; then
echo 'IPv6 Firewall logging=YES'
- sysctl net.inet6.ip6.fw.verbose=1 >/dev/null
+ sysctl net.inet.ip.fw.verbose=1 >/dev/null
fi
# Enable the firewall
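Review bot: `net.inet.ip.fw.verbose` is the knob the IPv4 ipfw rules use too, so `ipv6_firewall_logging=YES` now appears to switch on logging for every ipfw rule carrying `log`, not only the IPv6 ones. That side effect should be stated in a comment next to the line, e.g. `# shared with IPv4 ipfw: this also affects firewall_logging`. The line also calls bare `sysctl` while the module probe earlier in the script goes through `${SYSCTL}`; `${SYSCTL} net.inet.ip.fw.verbose=1 >/dev/null` would be consistent. The enclosing function continues outside the hunk.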
==== //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/jail#3 (text+ko) ====
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: src/etc/rc.d/jail,v 1.27 2006/04/08 12:15:35 flz Exp $
+# $FreeBSD: src/etc/rc.d/jail,v 1.32 2006/05/11 14:23:43 flz Exp $
#
# PROVIDE: jail
@@ -27,65 +27,76 @@
return
fi
- eval jail_rootdir=\"\$jail_${_j}_rootdir\"
- jail_devdir="${jail_rootdir}/dev"
- jail_fdescdir="${jail_devdir}/fd"
- jail_procdir="${jail_rootdir}/proc"
- eval jail_hostname=\"\$jail_${_j}_hostname\"
- eval jail_ip=\"\$jail_${_j}_ip\"
- eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
- eval jail_exec=\"\$jail_${_j}_exec\"
- eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
- eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
- if [ -n "${jail_exec}" ]; then
+ eval _rootdir=\"\$jail_${_j}_rootdir\"
+ _devdir="${_rootdir}/dev"
+ _fdescdir="${_devdir}/fd"
+ _procdir="${_rootdir}/proc"
+ eval _hostname=\"\$jail_${_j}_hostname\"
+ eval _ip=\"\$jail_${_j}_ip\"
+ eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
+ eval _exec=\"\$jail_${_j}_exec\"
+ eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
+ eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
+ if [ -n "${_exec}" ]; then
# simple/backward-compatible execution
- jail_exec_start="${jail_exec}"
- jail_exec_stop=""
+ _exec_start="${_exec}"
+ _exec_stop=""
else
# flexible execution
- if [ -z "${jail_exec_start}" ]; then
- jail_exec_start="/bin/sh /etc/rc"
- if [ -z "${jail_exec_stop}" ]; then
- jail_exec_stop="/bin/sh /etc/rc.shutdown"
+ if [ -z "${_exec_start}" ]; then
+ _exec_start="/bin/sh /etc/rc"
+ if [ -z "${_exec_stop}" ]; then
+ _exec_stop="/bin/sh /etc/rc.shutdown"
fi
fi
fi
# The default jail ruleset will be used by rc.subr if none is specified.
- eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
- eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
- [ -z "${jail_devfs}" ] && jail_devfs="NO"
- eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
- [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
- eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
- [ -z "${jail_procfs}" ] && jail_procfs="NO"
+ eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
+ eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
+ [ -z "${_devfs}" ] && _devfs="NO"
+ eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
+ [ -z "${_fdescfs}" ] && _fdescfs="NO"
+ eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
+ [ -z "${_procfs}" ] && _procfs="NO"
- eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
- [ -z "${jail_mount}" ] && jail_mount="NO"
+ eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
+ [ -z "${_mount}" ] && _mount="NO"
# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
- eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
- [ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
- eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
- [ -z "${jail_flags}" ] && jail_flags="-l -U root"
+ eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
+ [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
+ eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
+ [ -z "${_flags}" ] && _flags="-l -U root"
# Debugging aid
#
- debug "$_j devfs enable: $jail_devfs"
- debug "$_j fdescfs enable: $jail_fdescfs"
- debug "$_j procfs enable: $jail_procfs"
- debug "$_j mount enable: $jail_mount"
- debug "$_j hostname: $jail_hostname"
- debug "$_j ip: $jail_ip"
- debug "$_j interface: $jail_interface"
- debug "$_j root: $jail_rootdir"
- debug "$_j devdir: $jail_devdir"
- debug "$_j fdescdir: $jail_fdescdir"
- debug "$_j procdir: $jail_procdir"
- debug "$_j ruleset: $jail_ruleset"
- debug "$_j fstab: $jail_fstab"
- debug "$_j exec start: $jail_exec_start"
- debug "$_j exec stop: $jail_exec_stop"
- debug "$_j flags: $jail_flags"
+ debug "$_j devfs enable: $_devfs"
+ debug "$_j fdescfs enable: $_fdescfs"
+ debug "$_j procfs enable: $_procfs"
+ debug "$_j mount enable: $_mount"
+ debug "$_j hostname: $_hostname"
+ debug "$_j ip: $_ip"
+ debug "$_j interface: $_interface"
+ debug "$_j root: $_rootdir"
+ debug "$_j devdir: $_devdir"
+ debug "$_j fdescdir: $_fdescdir"
+ debug "$_j procdir: $_procdir"
+ debug "$_j ruleset: $_ruleset"
+ debug "$_j fstab: $_fstab"
+ debug "$_j exec start: $_exec_start"
+ debug "$_j exec stop: $_exec_stop"
+ debug "$_j flags: $_flags"
+
+ if [ -z "${_hostname}" ]; then
+ err 3 "$name: No hostname has been defined for ${_j}"
+ fi
+ if [ -z "${_rootdir}" ]; then
+ err 3 "$name: No root directory has been defined for ${_j}"
+ fi
+ if [ -z "${_ip}" ]; then
+ err 3 "$name: No IP address has been defined for ${_j}"
+ fi
+
}
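Review bot: The three new `err 3` checks at the end of this function abort the whole rc script (rc.subr's `err` exits, as far as I know), yet `init_variables` is called inside the per-jail loops of jail_start and jail_stop shown in later hunks. One entry in `jail_list` with a missing hostname, root directory or IP address would therefore keep every later jail from starting, and on shutdown would leave the remaining jails running with their mounts and IP aliases in place. Consider `warn "No hostname has been defined for ${_j}"; return 1` here and `init_variables $_jail || continue` in the callers. The checks also run only after the derived paths and the debug output have been produced; moving them directly after the `eval` lines that set `_rootdir`, `_hostname` and `_ip` would fail earlier. The function's opening lines are outside the hunk.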
# set_sysctl rc_knob mib msg
@@ -122,24 +133,24 @@
#
jail_umount_fs()
{
- if checkyesno jail_fdescfs; then
- if [ -d "${jail_fdescdir}" ] ; then
- umount -f ${jail_fdescdir} >/dev/null 2>&1
+ if checkyesno _fdescfs; then
+ if [ -d "${_fdescdir}" ] ; then
+ umount -f ${_fdescdir} >/dev/null 2>&1
fi
fi
- if checkyesno jail_devfs; then
- if [ -d "${jail_devdir}" ] ; then
- umount -f ${jail_devdir} >/dev/null 2>&1
+ if checkyesno _devfs; then
+ if [ -d "${_devdir}" ] ; then
+ umount -f ${_devdir} >/dev/null 2>&1
fi
fi
- if checkyesno jail_procfs; then
- if [ -d "${jail_procdir}" ] ; then
- umount -f ${jail_procdir} >/dev/null 2>&1
+ if checkyesno _procfs; then
+ if [ -d "${_procdir}" ] ; then
+ umount -f ${_procdir} >/dev/null 2>&1
fi
fi
- if checkyesno jail_mount; then
- [ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
- umount -a -F "${jail_fstab}" >/dev/null 2>&1
+ if checkyesno _mount; then
+ [ -f "${_fstab}" ] || warn "${_fstab} does not exist"
+ umount -a -F "${_fstab}" >/dev/null 2>&1
fi
}
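Review bot: The three `umount -f` calls pass `${_fdescdir}`, `${_devdir}` and `${_procdir}` unquoted although the `-d` tests directly above them quote the same variables, so a root directory containing whitespace or glob characters is tested as one path and unmounted as several words. Quote them, e.g. `umount -f "${_fdescdir}" >/dev/null 2>&1`. Since all output is discarded, a one-line comment saying that unmount failures are deliberately ignored would also help the next reader.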
@@ -161,29 +172,29 @@
do
init_variables $_jail
if [ -f /var/run/jail_${_jail}.id ]; then
- echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
+ echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
continue;
fi
- if [ -n ${jail_interface} ]; then
- ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
+ if [ -n "${_interface}" ]; then
+ ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
fi
- if checkyesno jail_mount; then
- info "Mounting fstab for jail ${_jail} (${jail_fstab})"
- if [ ! -f "${jail_fstab}" ]; then
- err 3 "$name: ${jail_fstab} does not exist"
+ if checkyesno _mount; then
+ info "Mounting fstab for jail ${_jail} (${_fstab})"
+ if [ ! -f "${_fstab}" ]; then
+ err 3 "$name: ${_fstab} does not exist"
fi
- mount -a -F "${jail_fstab}"
+ mount -a -F "${_fstab}"
fi
- if checkyesno jail_devfs; then
+ if checkyesno _devfs; then
# If devfs is already mounted here, skip it.
- df -t devfs "${jail_devdir}" >/dev/null
+ df -t devfs "${_devdir}" >/dev/null
if [ $? -ne 0 ]; then
- info "Mounting devfs on ${jail_devdir}"
- devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+ info "Mounting devfs on ${_devdir}"
+ devfs_mount_jail "${_devdir}" ${_ruleset}
# Transitional symlink for old binaries
- if [ ! -L "${jail_devdir}/log" ]; then
+ if [ ! -L "${_devdir}/log" ]; then
__pwd="`pwd`"
- cd "${jail_devdir}"
+ cd "${_devdir}"
ln -sf ../var/run/log log
cd "$__pwd"
fi
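Review bot: Every path this loop mounts on or writes to is derived from `${_rootdir}` and used by the host's root without checking that it is still a real directory or file, while the tree below `${_rootdir}` can be modified by root inside the jail between runs. If a component has been replaced by a symbolic link, the host-side operation lands outside the jail; this covers `devfs_mount_jail "${_devdir}"` and `cd "${_devdir}"` followed by `ln -sf` in this hunk, the fdescfs and procfs mounts and the `>${_rootdir}/var/log/console.log` redirect in the next hunk, and the `>>` redirect in jail_stop. Skip the jail when a target is a link, e.g. `[ -L "${_devdir}" ] && { warn "${_devdir} is a symbolic link"; continue; }`, and apply the same test to the console log before redirecting into it. The `cd` result is unchecked as well, so `cd "${_devdir}" && ln -sf ../var/run/log log` is the safer form. The loop body starts and ends outside this hunk.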
@@ -193,28 +204,37 @@
# is a devfs(5) device of the same name.
# Jail console output
# __pwd="`pwd`"
- # cd "${jail_devdir}"
+ # cd "${_devdir}"
# ln -sf ../var/log/console console
# cd "$__pwd"
fi
- if checkyesno jail_fdescfs; then
- info "Mounting fdescfs on ${jail_fdescdir}"
- mount -t fdescfs fdesc "${jail_fdescdir}"
+ if checkyesno _fdescfs; then
+ info "Mounting fdescfs on ${_fdescdir}"
+ mount -t fdescfs fdesc "${_fdescdir}"
fi
- if checkyesno jail_procfs; then
- info "Mounting procfs onto ${jail_procdir}"
- if [ -d "${jail_procdir}" ] ; then
- mount -t procfs proc "${jail_procdir}"
+ if checkyesno _procfs; then
+ info "Mounting procfs onto ${_procdir}"
+ if [ -d "${_procdir}" ] ; then
+ mount -t procfs proc "${_procdir}"
fi
fi
_tmp_jail=${_tmp_dir}/jail.$$
- eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \
- ${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
- [ "$?" -eq 0 ] && echo -n " $jail_hostname"
- _jail_id=$(head -1 ${_tmp_jail})
- tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
+ eval jail ${_flags} -i ${_rootdir} ${_hostname} \
+ ${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
+ if [ "$?" -eq 0 ] ; then
+ echo -n " $_hostname"
+ _jail_id=$(head -1 ${_tmp_jail})
+ tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
+ echo ${_jail_id} > /var/run/jail_${_jail}.id
+ else
+ jail_umount_fs
+ if [ -n "${jail_interface}" ]; then
+ ifconfig ${jail_interface} -alias ${jail_ip}
+ fi
+ echo " cannot start jail \"${_jail}\": "
+ tail +2 ${_tmp_jail}
+ fi
rm -f ${_tmp_jail}
- echo ${_jail_id} > /var/run/jail_${_jail}.id
done
rmdir ${_tmp_dir}
echo '.'
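Review bot: The new failure branch still uses the pre-rename names: `[ -n "${jail_interface}" ]` and `ifconfig ${jail_interface} -alias ${jail_ip}` read the global defaults rather than the per-jail `_interface` and `_ip` that the alias was created with earlier in the loop. After this change init_variables no longer assigns `jail_ip`, so a jail with its own interface setting keeps its alias after a failed start, and one relying on the global interface presumably runs `-alias` with an empty address. Change the two lines to `if [ -n "${_interface}" ]; then` and `ifconfig ${_interface} -alias ${_ip}`. Separately, `${_tmp_dir}/jail.$$` has a predictable name, which is only safe if `_tmp_dir`, created outside this hunk, is a private directory.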
@@ -229,22 +249,22 @@
_jail_id=$(cat /var/run/jail_${_jail}.id)
if [ ! -z "${_jail_id}" ]; then
init_variables $_jail
- if [ -n "${jail_exec_stop}" ]; then
- eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
- >> ${jail_rootdir}/var/log/console.log 2>&1
+ if [ -n "${_exec_stop}" ]; then
+ eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
+ >> ${_rootdir}/var/log/console.log 2>&1
fi
killall -j ${_jail_id} -TERM > /dev/null 2>&1
sleep 1
killall -j ${_jail_id} -KILL > /dev/null 2>&1
jail_umount_fs
- echo -n " $jail_hostname"
+ echo -n " $_hostname"
fi
- if [ -n ${jail_interface} ]; then
- ifconfig ${jail_interface} -alias ${jail_ip}
+ if [ -n "${_interface}" ]; then
+ ifconfig ${_interface} -alias ${_ip}
fi
rm /var/run/jail_${_jail}.id
else
- echo "cannot stop jail ${_jail}. No jail id in /var/run"
+ echo " cannot stop jail ${_jail}. No jail id in /var/run"
fi
done
echo '.'
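Review bot: `_jail_id` is read verbatim from `/var/run/jail_${_jail}.id` and then expanded inside `eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop}`, so whatever the file contains is re-parsed by the shell as root and also handed to `killall -j`. Check that it is a plain number before use, e.g. `case "${_jail_id}" in ''|*[!0-9]*) warn "bad jail id for ${_jail}"; continue ;; esac`. The `rm /var/run/jail_${_jail}.id` argument and the redirect target `${_rootdir}/var/log/console.log` are unquoted as well. The loop begins outside the hunk.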
==== //depot/projects/soc2005/nsswitch_cached/src/etc/rc.d/nsswitch#3 (text+ko) ====
@@ -23,7 +23,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD: src/etc/rc.d/nsswitch,v 1.7 2006/04/12 12:01:53 ume Exp $
+# $FreeBSD: src/etc/rc.d/nsswitch,v 1.11 2006/05/03 15:14:47 ume Exp $
#
# PROVIDE: nsswitch
@@ -36,50 +36,6 @@
start_cmd="nsswitch_start"
stop_cmd=":"
-convert_host_conf()
-{
- host_conf=$1; shift;
- nsswitch_conf=$1; shift;
-
- while read line; do
- line=${line##[ ]}
- case $line in
- hosts|local|file)
- _nsswitch="${_nsswitch}${_nsswitch+ }files"
- ;;
- dns|bind)
- _nsswitch="${_nsswitch}${_nsswitch+ }dns"
- ;;
- nis)
- _nsswitch="${_nsswitch}${_nsswitch+ }nis"
- ;;
- '#'*)
- ;;
- *)
- printf "Warning: unrecognized line [%s]", $line > "/dev/stderr"
- ;;
-
- esac
- done < $host_conf
-
- echo "hosts: $_nsswitch" > $nsswitch_conf
-}
-
-generate_nsswitch_conf()
-{
- nsswitch_conf=$1; shift;
-
- cat >$nsswitch_conf <<EOF
-group: compat
-group_compat: nis
-hosts: files dns
-networks: files
-passwd: compat
-passwd_compat: nis
-shells: files
-EOF
-}
-
generate_host_conf()
{
nsswitch_conf=$1; shift;
@@ -130,25 +86,11 @@
nsswitch_start()
{
- # Convert host.conf to nsswitch.conf if necessary
- #
- if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
- echo ''
- echo 'Warning: /etc/host.conf is no longer used'
- echo ' /etc/nsswitch.conf will be created for you'
- convert_host_conf /etc/host.conf /etc/nsswitch.conf
- fi
-
- # Generate default nsswitch.conf if none exists
- #
- if [ ! -f "/etc/nsswitch.conf" ]; then
- echo 'Generating nsswitch.conf.'
- generate_nsswitch_conf /etc/nsswitch.conf
- fi
-
# Generate host.conf for compatibility
#
- if [ ! -f "/etc/host.conf" ]; then
+ if [ ! -f "/etc/host.conf" -o \
+ "/etc/host.conf" -ot "/etc/nsswitch.conf" ]
+ then
echo 'Generating host.conf.'
generate_host_conf /etc/nsswitch.conf /etc/host.conf
fi
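Review bot: With the conversion and default-generation steps removed, nothing in nsswitch_start guarantees that `/etc/nsswitch.conf` exists before `generate_host_conf /etc/nsswitch.conf /etc/host.conf` runs, and the added `-ot` clause makes that call more frequent. On a system upgraded without merging the newly installed `/etc/nsswitch.conf`, this could leave an empty or broken host.conf, depending on how generate_host_conf (its body is outside this hunk) treats a missing input. Guard the block with `[ -f /etc/nsswitch.conf ]` or emit a warning when the file is absent. The `-ot` test also means a hand-edited host.conf is overwritten whenever nsswitch.conf is newer; a comment stating that host.conf is now a generated file would make that explicit.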
==== //depot/projects/soc2005/nsswitch_cached/src/etc/rc.firewall6#2 (text+ko) ====
@@ -1,7 +1,7 @@
#!/bin/sh -
############
# Setup system for IPv6 firewall service.
-# $FreeBSD: src/etc/rc.firewall6,v 1.16 2005/10/05 07:00:42 ume Exp $
+# $FreeBSD: src/etc/rc.firewall6,v 1.17 2006/05/12 19:17:33 mlaier Exp $
# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
@@ -54,17 +54,17 @@
############
# Only in rare cases do you want to change these rules
#
- ${fw6cmd} add 100 pass all from any to any via lo0
- ${fw6cmd} add 200 deny all from any to ::1
- ${fw6cmd} add 300 deny all from ::1 to any
+ ${fw6cmd} add 100 pass ip6 from any to any via lo0
+ ${fw6cmd} add 200 deny ip6 from any to ::1
+ ${fw6cmd} add 300 deny ip6 from ::1 to any
#
# ND
#
# DAD
- ${fw6cmd} add pass ipv6-icmp from :: to ff02::/16
+ ${fw6cmd} add pass ip6 from :: to ff02::/16 proto ipv6-icmp
# RS, RA, NS, NA, redirect...
- ${fw6cmd} add pass ipv6-icmp from fe80::/10 to fe80::/10
- ${fw6cmd} add pass ipv6-icmp from fe80::/10 to ff02::/16
+ ${fw6cmd} add pass ip6 from fe80::/10 to fe80::/10 proto ipv6-icmp
+ ${fw6cmd} add pass ip6 from fe80::/10 to ff02::/16 proto ipv6-icmp
}
if [ -n "${1}" ]; then
@@ -76,10 +76,10 @@
#
case ${ipv6_firewall_quiet} in
[Yy][Ee][Ss])
- fw6cmd="/sbin/ip6fw -q"
+ fw6cmd="/sbin/ipfw -q"
;;
*)
- fw6cmd="/sbin/ip6fw"
+ fw6cmd="/sbin/ipfw"
;;
esac
@@ -102,7 +102,7 @@
case ${ipv6_firewall_type} in
[Oo][Pp][Ee][Nn])
setup_local
- ${fw6cmd} add 65000 pass all from any to any
+ ${fw6cmd} add 65000 pass ip6 from any to any
;;
[Cc][Ll][Ii][Ee][Nn][Tt])
@@ -122,41 +122,42 @@
setup_local
# Allow any traffic to or from my own net.
- ${fw6cmd} add pass all from ${ip} to ${net}/${prefixlen}
- ${fw6cmd} add pass all from ${net}/${prefixlen} to ${ip}
+ ${fw6cmd} add pass ip6 from ${ip} to ${net}/${prefixlen}
+ ${fw6cmd} add pass ip6 from ${net}/${prefixlen} to ${ip}
# Allow any link-local multicast traffic
- ${fw6cmd} add pass all from fe80::/10 to ff02::/16
- ${fw6cmd} add pass all from ${net}/${prefixlen} to ff02::/16
+ ${fw6cmd} add pass ip6 from fe80::/10 to ff02::/16
+ ${fw6cmd} add pass ip6 from ${net}/${prefixlen} to ff02::/16
# Allow TCP through if setup succeeded
- ${fw6cmd} add pass tcp from any to any established
+ ${fw6cmd} add pass ip6 from any to any established proto tcp
# Allow IP fragments to pass through
- ${fw6cmd} add pass all from any to any frag
+ ${fw6cmd} add pass ip6 from any to any frag
# Allow setup of incoming email
- ${fw6cmd} add pass tcp from any to ${ip} 25 setup
+ ${fw6cmd} add pass ip6 from any to ${ip} 25 setup proto tcp
# Allow setup of outgoing TCP connections only
- ${fw6cmd} add pass tcp from ${ip} to any setup
+ ${fw6cmd} add pass ip6 from ${ip} to any setup proto tcp
# Disallow setup of all other TCP connections
- ${fw6cmd} add deny tcp from any to any setup
+ ${fw6cmd} add deny ip6 from any to any setup proto tcp
# Allow DNS queries out in the world
- ${fw6cmd} add pass udp from any 53 to ${ip}
- ${fw6cmd} add pass udp from ${ip} to any 53
+ ${fw6cmd} add pass ip6 from any 53 to ${ip} proto udp
+ ${fw6cmd} add pass ip6 from ${ip} to any 53 proto udp
# Allow NTP queries out in the world
- ${fw6cmd} add pass udp from any 123 to ${ip}
- ${fw6cmd} add pass udp from ${ip} to any 123
+ ${fw6cmd} add pass ip6 from any 123 to ${ip} proto udp
+ ${fw6cmd} add pass ip6 from ${ip} to any 123 proto udp
# Allow ICMPv6 destination unreach
- ${fw6cmd} add pass ipv6-icmp from any to any icmptypes 1
+ ${fw6cmd} add pass ip6 from any to any icmp6types 1 proto ipv6-icmp
# Allow NS/NA/toobig (don't filter it out)
- ${fw6cmd} add pass ipv6-icmp from any to any icmptypes 2,135,136
+ ${fw6cmd} add pass ip6 from any to any icmp6types 2,135,136 \
+ proto ipv6-icmp
# Everything else is denied by default, unless the
# IPV6FIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
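Review bot: The closing comment of this block still names `IPV6FIREWALL_DEFAULT_TO_ACCEPT`, the ip6fw kernel option, although the rules are now loaded through `/sbin/ipfw`. The default policy then presumably comes from ipfw's own option (`IPFIREWALL_DEFAULT_TO_ACCEPT`), so the comment points administrators at the wrong switch when they reason about what happens to unmatched traffic. Update it together with the rule rewrite. A short comment on `add pass ip6 from any to any frag` would also help, since that rule accepts every fragment before the port-based rules below it are consulted. The case arm continues outside the hunk.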
@@ -185,94 +186,96 @@
setup_local
# Stop spoofing
- ${fw6cmd} add deny all from ${inet}/${iprefixlen} to any in via ${oif}
- ${fw6cmd} add deny all from ${onet}/${oprefixlen} to any in via ${iif}
+ ${fw6cmd} add deny ip6 from ${inet}/${iprefixlen} to any in via ${oif}
+ ${fw6cmd} add deny ip6 from ${onet}/${oprefixlen} to any in via ${iif}
# Stop unique local unicast address on the outside interface
- ${fw6cmd} add deny all from fc00::/7 to any via ${oif}
- ${fw6cmd} add deny all from any to fc00::/7 via ${oif}
+ ${fw6cmd} add deny ip6 from fc00::/7 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to fc00::/7 via ${oif}
# Stop site-local on the outside interface
- ${fw6cmd} add deny all from fec0::/10 to any via ${oif}
- ${fw6cmd} add deny all from any to fec0::/10 via ${oif}
+ ${fw6cmd} add deny ip6 from fec0::/10 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to fec0::/10 via ${oif}
# Disallow "internal" addresses to appear on the wire.
- ${fw6cmd} add deny all from ::ffff:0.0.0.0/96 to any via ${oif}
- ${fw6cmd} add deny all from any to ::ffff:0.0.0.0/96 via ${oif}
+ ${fw6cmd} add deny ip6 from ::ffff:0.0.0.0/96 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ::ffff:0.0.0.0/96 via ${oif}
# Disallow packets to malicious IPv4 compatible prefix.
- ${fw6cmd} add deny all from ::224.0.0.0/100 to any via ${oif}
- ${fw6cmd} add deny all from any to ::224.0.0.0/100 via ${oif}
- ${fw6cmd} add deny all from ::127.0.0.0/104 to any via ${oif}
- ${fw6cmd} add deny all from any to ::127.0.0.0/104 via ${oif}
- ${fw6cmd} add deny all from ::0.0.0.0/104 to any via ${oif}
- ${fw6cmd} add deny all from any to ::0.0.0.0/104 via ${oif}
- ${fw6cmd} add deny all from ::255.0.0.0/104 to any via ${oif}
- ${fw6cmd} add deny all from any to ::255.0.0.0/104 via ${oif}
+ ${fw6cmd} add deny ip6 from ::224.0.0.0/100 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ::224.0.0.0/100 via ${oif}
+ ${fw6cmd} add deny ip6 from ::127.0.0.0/104 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ::127.0.0.0/104 via ${oif}
+ ${fw6cmd} add deny ip6 from ::0.0.0.0/104 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ::0.0.0.0/104 via ${oif}
+ ${fw6cmd} add deny ip6 from ::255.0.0.0/104 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ::255.0.0.0/104 via ${oif}
- ${fw6cmd} add deny all from ::0.0.0.0/96 to any via ${oif}
- ${fw6cmd} add deny all from any to ::0.0.0.0/96 via ${oif}
+ ${fw6cmd} add deny ip6 from ::0.0.0.0/96 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ::0.0.0.0/96 via ${oif}
# Disallow packets to malicious 6to4 prefix.
- ${fw6cmd} add deny all from 2002:e000::/20 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:e000::/20 via ${oif}
- ${fw6cmd} add deny all from 2002:7f00::/24 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:7f00::/24 via ${oif}
- ${fw6cmd} add deny all from 2002:0000::/24 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:0000::/24 via ${oif}
- ${fw6cmd} add deny all from 2002:ff00::/24 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:ff00::/24 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:e000::/20 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:e000::/20 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:7f00::/24 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:7f00::/24 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:0000::/24 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:0000::/24 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:ff00::/24 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:ff00::/24 via ${oif}
- ${fw6cmd} add deny all from 2002:0a00::/24 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:0a00::/24 via ${oif}
- ${fw6cmd} add deny all from 2002:ac10::/28 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:ac10::/28 via ${oif}
- ${fw6cmd} add deny all from 2002:c0a8::/32 to any via ${oif}
- ${fw6cmd} add deny all from any to 2002:c0a8::/32 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:0a00::/24 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:0a00::/24 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:ac10::/28 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:ac10::/28 via ${oif}
+ ${fw6cmd} add deny ip6 from 2002:c0a8::/32 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to 2002:c0a8::/32 via ${oif}
- ${fw6cmd} add deny all from ff05::/16 to any via ${oif}
- ${fw6cmd} add deny all from any to ff05::/16 via ${oif}
+ ${fw6cmd} add deny ip6 from ff05::/16 to any via ${oif}
+ ${fw6cmd} add deny ip6 from any to ff05::/16 via ${oif}
# Allow TCP through if setup succeeded
${fw6cmd} add pass tcp from any to any established
# Allow IP fragments to pass through
- ${fw6cmd} add pass all from any to any frag
+ ${fw6cmd} add pass ip6 from any to any frag
# Allow setup of incoming email
- ${fw6cmd} add pass tcp from any to ${oip} 25 setup
+ ${fw6cmd} add pass ip6 from any to ${oip} 25 setup proto tcp
# Allow access to our DNS
- ${fw6cmd} add pass tcp from any to ${oip} 53 setup
- ${fw6cmd} add pass udp from any to ${oip} 53
- ${fw6cmd} add pass udp from ${oip} 53 to any
+ ${fw6cmd} add pass ip6 from any to ${oip} 53 setup proto tcp
+ ${fw6cmd} add pass ip6 from any to ${oip} 53 proto udp
+ ${fw6cmd} add pass ip6 from ${oip} 53 to any proto udp
# Allow access to our WWW
- ${fw6cmd} add pass tcp from any to ${oip} 80 setup
+ ${fw6cmd} add pass ip6 from any to ${oip} 80 setup proto tcp
# Reject&Log all setup of incoming connections from the outside
- ${fw6cmd} add deny log tcp from any to any in via ${oif} setup
+ ${fw6cmd} add deny log ip6 from any to any in via ${oif} setup \
+ proto tcp
# Allow setup of any other TCP connection
- ${fw6cmd} add pass tcp from any to any setup
+ ${fw6cmd} add pass ip6 from any to any setup proto tcp
# Allow DNS queries out in the world
- ${fw6cmd} add pass udp from any 53 to ${oip}
- ${fw6cmd} add pass udp from ${oip} to any 53
+ ${fw6cmd} add pass ip6 from any 53 to ${oip} proto udp
+ ${fw6cmd} add pass ip6 from ${oip} to any 53 proto udp
# Allow NTP queries out in the world
- ${fw6cmd} add pass udp from any 123 to ${oip}
- ${fw6cmd} add pass udp from ${oip} to any 123
+ ${fw6cmd} add pass ip6 from any 123 to ${oip} proto udp
+ ${fw6cmd} add pass ip6 from ${oip} to any 123 proto udp
# Allow RIPng
- #${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
- #${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
+ #${fw6cmd} add pass ip6 from fe80::/10 521 to ff02::9 521 proto udp
+ #${fw6cmd} add pass ip6 from fe80::/10 521 to fe80::/10 521 proto udp
# Allow ICMPv6 destination unreach
- ${fw6cmd} add pass ipv6-icmp from any to any icmptypes 1
+ ${fw6cmd} add pass ip6 from any to any icmp6types 1 proto ipv6-icmp
# Allow NS/NA/toobig (don't filter it out)
- ${fw6cmd} add pass ipv6-icmp from any to any icmptypes 2,135,136
+ ${fw6cmd} add pass ip6 from any to any icmp6types 2,135,136 \
+ proto ipv6-icmp
# Everything else is denied by default, unless the
# IPV6FIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
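Review bot: The `pass tcp from any to any established` rule under "Allow TCP through if setup succeeded" is left as unchanged context, while every other TCP rule in this hunk, and the same rule in the preceding hunk, is rewritten to the `ip6 ... proto tcp` form. If `${fw6cmd}` now drives a filter in which a bare `tcp` is not limited to IPv6 (its definition is outside this hunk), this one rule would also accept established IPv4 TCP segments ahead of whatever the IPv4 rule set intends. I would convert it like its siblings: `${fw6cmd} add pass ip6 from any to any established proto tcp`. The closing comment still names `IPV6FIREWALL_DEFAULT_TO_ACCEPT`, so it is worth confirming that this is still the kernel option governing the default policy after the conversion.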
@@ -281,7 +284,7 @@
[Cc][Ll][Oo][Ss][Ee][Dd])
# Only enable the loopback interface
- ${fw6cmd} add 100 pass all from any to any via lo0
+ ${fw6cmd} add 100 pass ip6 from any to any via lo0
;;
>>> TRUNCATED FOR MAIL (1000 lines) <<<