head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.44 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.42 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.40 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.38 pgoyette-compat-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.36 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.34 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.32 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.2 netbsd-5-1-5-RELEASE:1.2 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.28 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.2 netbsd-5-1-4-RELEASE:1.2 netbsd-5-2-1-RELEASE:1.2 netbsd-5-1-3-RELEASE:1.2 agc-symver:1.2.0.30 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.2.0.26 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.2 netbsd-5-2-RC1:1.2 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 netbsd-5-1-2-RELEASE:1.2 netbsd-5-1-1-RELEASE:1.2 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.24 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.22 bouyer-quota2-base:1.2 matt-nb5-pq3:1.2.0.20 matt-nb5-pq3-base:1.2 netbsd-5-1:1.2.0.18 netbsd-5-1-RELEASE:1.2 netbsd-5-1-RC4:1.2 netbsd-5-1-RC3:1.2 netbsd-5-1-RC2:1.2 netbsd-5-1-RC1:1.2 netbsd-5-0-2-RELEASE:1.2 netbsd-5-0-1-RELEASE:1.2 jym-xensuspend-nbase:1.2 netbsd-5-0:1.2.0.16 netbsd-5-0-RELEASE:1.2 netbsd-5-0-RC4:1.2 netbsd-5-0-RC3:1.2 netbsd-5-0-RC2:1.2 jym-xensuspend:1.2.0.14 jym-xensuspend-base:1.2 netbsd-5-0-RC1:1.2 netbsd-5:1.2.0.12 netbsd-5-base:1.2 mjf-devfs2:1.2.0.10 mjf-devfs2-base:1.2 yamt-pf42-base4:1.2 yamt-pf42-base3:1.2 hpcarm-cleanup-nbase:1.2 v4-1-29:1.1.1.1 yamt-pf42-base2:1.2 yamt-pf42:1.2.0.8 yamt-pf42-base:1.2 keiichi-mipv6:1.2.0.6 keiichi-mipv6-base:1.2 cube-autoconf:1.2.0.4 cube-autoconf-base:1.2 hpcarm-cleanup:1.2.0.2 hpcarm-cleanup-base:1.2 v4-1-23:1.1.1.1 v4-1-22:1.1.1.1 v4-1-20:1.1.1.1 v4-1-19:1.1.1.1 v4-1-13:1.1.1.1 v4-1-8:1.1.1.1 v4-1-6:1.1.1.1 v4-1-5:1.1.1.1 v4-1-3:1.1.1.1 v4-1-1:1.1.1.1 DARRENR:1.1.1; locks; strict; comment @# @; 1.2 date 2004.03.28.09.04.41; author martti; state dead; branches; next 1.1; 1.1 date 2004.03.28.08.56.07; author martti; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2004.03.28.08.56.07; author martti; state Exp; branches; next ; desc @@ 1.2 log @FILE REMOVED @ text @diff -c tmp/etc/netstart etc/netstart *** tmp/etc/netstart 16 Feb 2003 23:25:40 -0000 1.86 --- etc/netstart 8 Jun 2003 07:40:21 -0000 *************** *** 181,186 **** --- 181,196 ---- domainname `cat /etc/defaultdomain` fi + # Configure the IP filter before configuring network interfaces + if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then + echo 'configuring IP filter' + ipf -Fa -f ${ipfilter_rules} + ipfresync="ipf -y" + else + ipfilter=NO + ipfresync=NO + fi + # Set the address for the loopback interface. # It will also initialize IPv6 address for lo0 (::1 and others). ifconfig lo0 inet localhost *************** *** 337,339 **** --- 347,362 ---- bridgestart $if done + + # Configure NAT after configuring network interfaces + if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then + echo 'configuring NAT' + ipnat -CF -f ${ipnat_rules} + else + ipnat=NO + fi + + # Interfaces have come up so we should do an ipf -y if we're using IP filter. + if [ "${ipfresync}" != "NO" ]; then + ${ipfresync} + fi diff -c tmp/etc/rc etc/rc *** tmp/etc/rc 23 Mar 2003 18:45:34 -0000 1.225 --- etc/rc 8 Jun 2003 07:40:22 -0000 *************** *** 220,225 **** --- 220,229 ---- echo 'starting named'; named $named_flags fi + if [ X"${ipfilter}" = X"YES" -a X"${ipmon_flags}" != X"NO" ]; then + echo 'starting ipmon'; ipmon ${ipmon_flags} + fi + # $isakmpd_flags is imported from /etc/rc.conf; # If $isakmpd_flags == NO or /etc/isakmpd/isakmpd.policy doesn't exist, then # isakmpd isn't run. diff -c tmp/etc/rc.conf etc/rc.conf *** tmp/etc/rc.conf 10 Mar 2003 01:05:28 -0000 1.86 --- etc/rc.conf 8 Jun 2003 07:40:24 -0000 *************** *** 52,58 **** lockd=NO gated=NO amd=NO ! pf=NO # Packet filter / NAT portmap=NO # Note: inetd(8) rpc services need portmap too inetd=YES # almost always needed check_quotas=YES # NO may be desirable in some YP environments --- 52,60 ---- lockd=NO gated=NO amd=NO ! ipfilter=NO # To enable ipfilter, set to YES ! ipnat=NO # for "YES", ipfilter must also be "YES" ! pf=NO # Enable pf(4) Packet filter / NAT portmap=NO # Note: inetd(8) rpc services need portmap too inetd=YES # almost always needed check_quotas=YES # NO may be desirable in some YP environments *************** *** 76,81 **** --- 78,86 ---- nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver amd_dir=/tmp_mnt # AMD's mount directory amd_master=/etc/amd/master # AMD 'master' map + ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering with IP Filter + ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation + ipmon_flags=-Ds # To disable logging, use ipmon_flags=NO syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log" pf_rules=/etc/pf.conf # Packet filter rules file pflogd_flags= # add more flags, ie. "-s 256" @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Import IPFilter 4.1.1 @ text @@