head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.44 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.42 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.40 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.38 pgoyette-compat-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.36 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.34 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.32 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.2 netbsd-5-1-5-RELEASE:1.2 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.28 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.2 netbsd-5-1-4-RELEASE:1.2 netbsd-5-2-1-RELEASE:1.2 netbsd-5-1-3-RELEASE:1.2 agc-symver:1.2.0.30 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.2.0.26 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.2 netbsd-5-2-RC1:1.2 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 netbsd-5-1-2-RELEASE:1.2 netbsd-5-1-1-RELEASE:1.2 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.24 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.22 bouyer-quota2-base:1.2 matt-nb5-pq3:1.2.0.20 matt-nb5-pq3-base:1.2 netbsd-5-1:1.2.0.18 netbsd-5-1-RELEASE:1.2 netbsd-5-1-RC4:1.2 netbsd-5-1-RC3:1.2 netbsd-5-1-RC2:1.2 netbsd-5-1-RC1:1.2 netbsd-5-0-2-RELEASE:1.2 netbsd-5-0-1-RELEASE:1.2 jym-xensuspend-nbase:1.2 netbsd-5-0:1.2.0.16 netbsd-5-0-RELEASE:1.2 netbsd-5-0-RC4:1.2 netbsd-5-0-RC3:1.2 netbsd-5-0-RC2:1.2 jym-xensuspend:1.2.0.14 jym-xensuspend-base:1.2 netbsd-5-0-RC1:1.2 netbsd-5:1.2.0.12 netbsd-5-base:1.2 mjf-devfs2:1.2.0.10 mjf-devfs2-base:1.2 yamt-pf42-base4:1.2 yamt-pf42-base3:1.2 hpcarm-cleanup-nbase:1.2 v4-1-29:1.1.1.10 yamt-pf42-base2:1.2 yamt-pf42:1.2.0.8 yamt-pf42-base:1.2 keiichi-mipv6:1.2.0.6 keiichi-mipv6-base:1.2 cube-autoconf:1.2.0.4 cube-autoconf-base:1.2 hpcarm-cleanup:1.2.0.2 hpcarm-cleanup-base:1.2 v4-1-23:1.1.1.10 v4-1-22:1.1.1.10 v4-1-20:1.1.1.10 v4-1-19:1.1.1.10 v4-1-13:1.1.1.10 v4-1-8:1.1.1.9 v4-1-6:1.1.1.9 v4-1-5:1.1.1.9 v4-1-3:1.1.1.9 v4-1-1:1.1.1.8 v3-4-29:1.1.1.7 v3-4-27:1.1.1.6 v3-4-25:1.1.1.6 v3-4-23:1.1.1.5 v3-4-16:1.1.1.4 v3-4-9:1.1.1.3 v3-4-6:1.1.1.3 v3-4-4:1.1.1.2 v3-4-3:1.1.1.2 v3-4-2:1.1.1.2 v3-4-1:1.1.1.2 v3-3-8:1.1.1.1 v3-3-6:1.1.1.1 v3-3-5:1.1.1.1 DARRENR:1.1.1; locks; strict; comment @# @; 1.2 date 99.12.11.22.49.53; author veego; state dead; branches; next 1.1; 1.1 date 99.12.11.22.24.06; author veego; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 99.12.11.22.24.06; author veego; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2000.05.03.10.56.48; author veego; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2000.06.12.10.21.40; author veego; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2001.03.26.03.54.11; author mike; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2002.01.24.08.18.32; author martti; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2002.03.14.12.30.13; author martti; state Exp; branches; next 1.1.1.7; 1.1.1.7 date 2002.09.19.07.56.39; author martti; state Exp; branches; next 1.1.1.8; 1.1.1.8 date 2004.03.28.08.56.10; author martti; state Exp; branches; next 1.1.1.9; 1.1.1.9 date 2004.07.23.05.34.27; author martti; state Exp; branches; next 1.1.1.10; 1.1.1.10 date 2006.04.04.16.09.12; author martti; state Exp; branches; next ; desc @@ 1.2 log @We don't need these files. @ text @#!/bin/sh id=`/usr/sbin/modinfo | grep ipf | awk ' { print $1 } ' -` pid=`ps -e | grep ipmon | awk ' { print $1 } ' -` PATH=${PATH}:/sbin:/opt/ipf/bin IPFILCONF=/etc/opt/ipf/ipf.conf IPNATCONF=/etc/opt/ipf/ipnat.conf case "$1" in start) if [ x$pid != x ] ; then kill -TERM $pid fi if [ x$id != x ] ; then modunload -i $id fi modload /usr/kernel/drv/ipf if [ -r ${IPFILCONF} ]; then ipf -IFa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: load of ${IPFILCONF} into alternate set failed" else ipf -s fi fi if [ -r ${IPNATCONF} ]; then ipnat -CF -f ${IPNATCONF} if [ $? != 0 ]; then echo "$0: load of ${IPNATCONF} failed" fi fi # ipmon -sn & ;; stop) if [ x$pid != x ] ; then kill -TERM $pid fi if [ x$id != x ] ; then modunload -i $id fi ;; reload) if [ -r ${IPFILCONF} ]; then ipf -I -Fa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: reload of ${IPFILCONF} into alternate set failed" else ipf -s fi fi if [ -r ${IPNATCONF} ]; then ipnat -CF -f ${IPNATCONF} if [ $? != 0 ]; then echo "$0: reload of ${IPNATCONF} failed" fi fi ;; *) echo "Usage: $0 (start|stop|reload)" >&2 exit 1 ;; esac exit 0 @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Inital import of IP Filter 3.3.5 under the dist directory. @ text @@ 1.1.1.2 log @Import IP Filter 3.4.1 @ text @a7 13 block_default_workaround() { ipf -F a echo "constructing minimal name resolution rules..." NAMESERVERS=`cat /etc/resolv.conf | nawk '/nameserver/ {printf "%s ", $2}'` for NS in $NAMESERVERS do IF_TO_NS=`/usr/sbin/route -n get $NS | nawk '/interface/ {print $NF}'` IP_TO_NS=`ifconfig hme0 | head -2 | tail -1 | nawk '{print $2}'` echo "pass out quick proto udp from $IP_TO_NS to $NS port = 53 keep state" | \ ipf -f - done } a17 4 BLOCK_DEFAULT=`/sbin/ipf -V | grep Default | nawk '{print $2}'` if [ x$BLOCK_DEFAULT = "xblock" ] ; then block_default_workaround fi @ 1.1.1.3 log @Import IP Filter 3.4.6 @ text @d12 4 a15 5 for NS in $NAMESERVERS ; do IF_TO_NS=`/usr/sbin/route -n get $NS | \ nawk '$1 == "interface:" { print $NF ; exit }'` IP_TO_NS=`ifconfig $IF_TO_NS | \ nawk 'NR == "2" { print $2 ; exit }'` d31 2 a32 2 if `/sbin/ipf -V | \ nawk '$1 == "Default:" && $2 == "pass" { exit 1 }'` ; then d48 1 a48 1 ipmon -sn & a76 10 reipf) if [ -r ${IPFILCONF} ]; then ipf -I -Fa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: reload of ${IPFILCONF} into alternate set failed" else ipf -s fi fi ;; @ 1.1.1.4 log @Import IP Filter 3.4.16 @ text @d2 2 a3 2 id=`/usr/sbin/modinfo | awk '/ipf/ { print $1 } ' -` pid=`ps -e | awk '/ipmon/ { print $1 } ' -` a5 1 IP6FILCONF=/etc/opt/ipf/ipf6.conf d24 1 a24 1 if [ x"$pid" != x ] ; then a42 9 if [ -r ${IP6FILCONF} ]; then ipf -IFa -6f ${IP6FILCONF} if [ $? != 0 ]; then echo "$0: load of ${IPFILCONF} into alternate set failed" else ipf -IF a ipf -6f ${IP6FILCONF} fi fi d49 1 a49 1 ipmon -s & d53 1 a53 1 if [ x"$pid" != x ] ; then @ 1.1.1.5 log @Import IPFilter 3.4.23 @ text @d2 2 a3 9 # PIDFILE=/etc/opt/ipf/ipmon.pid id=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null` if [ -f $PIDFILE ] ; then pid=`cat $PIDFILE 2>/dev/null` else pid=`/bin/ps -e 2>&1 | awk '/ipmon/ { print $1 } ' - 2>/dev/null` fi d10 11 a20 22 ipf -F a echo "constructing minimal name resolution rules..." NAMESERVERS=`cat /etc/resolv.conf 2>/dev/null| \ nawk '/nameserver/ {printf "%s ", $2}' 2>/dev/null` if [ -z "$NAMESERVERS" ] ; then return fi for NS in $NAMESERVERS ; do IF_TO_NS=`/usr/sbin/route -n get $NS 2>/dev/null| \ nawk '$1 == "interface:" { print $NF ; exit }' \ 2>dev/null` if [ -z "$IF_TO_NS" ] ; then continue fi IP_TO_NS=`ifconfig $IF_TO_NS 2>/dev/null| \ nawk 'NR == "2" { print $2 ; exit }' 2>/dev/null` if [ -z "$IP_TO_NS" ] ; then continue fi echo "pass out on $IF_TO_NS quick proto udp from $IP_TO_NS to $NS port = 53 keep state" | \ ipf -f - done d26 1 a26 1 kill -TERM $pid 2>/dev/null d29 1 a29 1 modunload -i $id 2>/dev/null a43 1 ipf -y d59 1 a59 1 ipmon -Ds @ 1.1.1.6 log @Import IPFilter 3.4.25 @ text @d27 1 a27 1 2>/dev/null` d36 1 a36 1 echo "pass out quick on $IF_TO_NS proto udp from $IP_TO_NS to $NS port = 53 keep state" | \ @ 1.1.1.7 log @Import IPFilter 3.4.29 @ text @a40 41 load_ipf_config() { bad=0 if [ -r ${IPFILCONF} ]; then if `/sbin/ipf -V | \ nawk '$1 == "Default:" && $2 == "pass" { exit 1 }'` ; then block_default_workaround fi ipf -IFa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: load of ${IPFILCONF} into alternate set failed" bad=1 fi fi if [ -r ${IP6FILCONF} ]; then ipf -6IFa -f ${IP6FILCONF} if [ $? != 0 ]; then echo "$0: load of ${IPFILCONF} into alternate set failed" bad=1 fi fi if [ $bad -eq 0 ] ; then ipf -s -y else echo Not switching config due to load error. fi } load_ipnat_config() { if [ -r ${IPNATCONF} ]; then ipnat -CF -f ${IPNATCONF} if [ $? != 0 ]; then echo "$0: load of ${IPNATCONF} failed" else ipf -y fi fi } d50 28 a77 2 load_ipf_config load_ipnat_config d91 14 a104 2 load_ipf_config load_ipnat_config d108 8 a115 4 load_ipf_config ;; reipnat) load_ipnat_config d118 1 a118 1 echo "Usage: $0 (start|stop|reload|reipf|reipnat)" >&2 @ 1.1.1.8 log @Import IPFilter 4.1.1 @ text @d3 1 a3 1 IPFBASE=/etc/opt/ipf d5 3 a7 8 PATH=/bin:/sbin:/usr/sbin:${PATH}:/opt/ipf/bin IPFILCONF=${IPFBASE}/ipf.conf IP6FILCONF=${IPFBASE}/ipf6.conf IPNATCONF=${IPFBASE}/ipnat.conf IPPOOLCONF=${IPFBASE}/ippool.conf PFILCHECKED=no if [ -d /var/run ] ; then PIDFILE=/var/run/ipmon.pid d9 1 a9 1 PIDFILE=${IPFBASE}/ipmon.pid d11 4 a14 46 logmsg() { logger -p local0.emerg -t ipfilter "$1" echo "$1" >&2 } checkpfil() { if [ $PFILCHECKED = yes ] ; then return fi if [ -z "`ndd /dev/pfil qif_status 2>/dev/null`" ] ; then logmsg "pfil not available to support ipfilter" exit 1 fi if [ `uname -r|cut -d. -f2` -gt 7 ] ; then realnic=`/sbin/ifconfig -a modlist 2>/dev/null | grep -c pfil` else for i in `ifconfig -a | cut -d: -f1 | egrep -v '[ ]|^lo'` do if strconf -m pfil < /dev/$i >/dev/null 2>&1 ; then realnic=1; break; fi done fi if [ $realnic -eq 0 ] ; then logmsg "pfil not configured for firewall/NAT operation" fi PFILCHECKED=yes } getids() { id=`modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null` if [ -f $PIDFILE ] ; then pid=`cat $PIDFILE 2>/dev/null` else pid=`pgrep ipmon` fi } d25 1 a25 1 IF_TO_NS=`route -n get $NS 2>/dev/null| \ d45 1 a45 2 checkpfil if `ipf -V | \ a55 1 checkpfil a71 1 checkpfil a81 12 load_ippool_config() { if [ -r ${IPPOOLCONF} ]; then checkpfil ippool -F ippool -f ${IPPOOLCONF} if [ $? != 0 ]; then echo "$0: load of ${IPPOOLCONF} failed" fi fi } d84 6 a89 3 getids [ -n "$pid" ] && kill -TERM $pid 2>/dev/null [ -n "$id" ] && modunload -i $id 2>/dev/null a90 1 load_ippool_config d97 5 a101 29 getids [ -n "$pid" ] && kill -TERM $pid /bin/rm -f $PIDFILE [ -n "$id" ] && modunload -i $id ;; pause) getids ipfs -l ipfs -NS -w ipf -D if [ -f $PIDFILE ] ; then if kill -0 $pid; then kill -TERM $pid else cp /dev/null $PIDFILE fi fi ;; resume) getids ipf -E ipfs -R load_ippool_config load_ipf_config load_ipnat_config if [ -f $PIDFILE -a x$pid != x ] ; then ipmon -Ds a105 1 load_ippool_config a112 1 a115 1 d117 1 a117 1 echo "Usage: $0 (start|stop|reload|reipf|reipnat|pause|resume)" >&2 @ 1.1.1.9 log @Import IPFilter 4.1.3 @ text @d54 1 a54 2 ipfid=`modinfo 2>&1 | awk '/ipf / { print $1 } ' - 2>/dev/null` ipfruleid=`modinfo 2>&1 | awk '/ipfrule/ { print $1 } ' - 2>/dev/null` d148 1 a148 2 [ -n "$ipfruleid" ] && modunload -i $ipfruleid 2>/dev/null [ -n "$ipfid" ] && modunload -i $ipfid 2>/dev/null a149 3 if [ -f /usr/kernel/drv/ipfrule ] ; then modload /usr/kernel/drv/ipfrule fi d160 1 a160 2 [ -n "$ipfruleid" ] && modunload -i $ipfruleid 2>/dev/null [ -n "$ipfid" ] && modunload -i $ipfid @ 1.1.1.10 log @Import IPFilter 4.1.13 @ text @a17 11 getpid() { if [ -f /usr/bin/pgrep ] ; then rval=`pgrep $1` else rval=`ps -ef | awk "/$1/ { print \\$2; } " -` fi return $rval } d59 1 a59 2 getpid ipmon pid=$? @