head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.46 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.44 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.42 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.40 pgoyette-compat-base:1.2 perseant-stdc-iso10646:1.2.0.38 perseant-stdc-iso10646-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.36 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.34 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.32 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.2 netbsd-5-1-5-RELEASE:1.2 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.28 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.2 netbsd-5-1-4-RELEASE:1.2 netbsd-5-2-1-RELEASE:1.2 netbsd-5-1-3-RELEASE:1.2 agc-symver:1.2.0.30 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.2.0.26 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.2 netbsd-5-2-RC1:1.2 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 netbsd-5-1-2-RELEASE:1.2 netbsd-5-1-1-RELEASE:1.2 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.24 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.22 bouyer-quota2-base:1.2 matt-nb5-pq3:1.2.0.20 matt-nb5-pq3-base:1.2 netbsd-5-1:1.2.0.18 netbsd-5-1-RELEASE:1.2 netbsd-5-1-RC4:1.2 netbsd-5-1-RC3:1.2 netbsd-5-1-RC2:1.2 netbsd-5-1-RC1:1.2 netbsd-5-0-2-RELEASE:1.2 netbsd-5-0-1-RELEASE:1.2 jym-xensuspend-nbase:1.2 netbsd-5-0:1.2.0.16 netbsd-5-0-RELEASE:1.2 netbsd-5-0-RC4:1.2 netbsd-5-0-RC3:1.2 netbsd-5-0-RC2:1.2 jym-xensuspend:1.2.0.14 jym-xensuspend-base:1.2 netbsd-5-0-RC1:1.2 netbsd-5:1.2.0.12 netbsd-5-base:1.2 mjf-devfs2:1.2.0.10 mjf-devfs2-base:1.2 yamt-pf42-base4:1.2 yamt-pf42-base3:1.2 hpcarm-cleanup-nbase:1.2 yamt-pf42-base2:1.2 yamt-pf42:1.2.0.8 yamt-pf42-base:1.2 keiichi-mipv6-nbase:1.2 keiichi-mipv6:1.2.0.6 keiichi-mipv6-base:1.2 cube-autoconf:1.2.0.4 cube-autoconf-base:1.2 hpcarm-cleanup:1.2.0.2 hpcarm-cleanup-base:1.2 netbsd-1-4-PATCH003:1.1.1.1.4.1 netbsd-1-4-PATCH002:1.1.1.1.4.1 wrstuden-devbsize:1.1.1.1.0.8 wrstuden-devbsize-base:1.1 comdex-fall-1999:1.1.1.1.0.6 comdex-fall-1999-base:1.1 netbsd-1-4-PATCH001:1.1 netbsd-1-4-RELEASE:1.1 netbsd-1-4:1.1.1.1.0.4 netbsd-1-4-base:1.1 netbsd-1-3-PATCH003:1.1.1.1.2.2 netbsd-1-3-PATCH003-CANDIDATE2:1.1.1.1.2.2 netbsd-1-3-PATCH003-CANDIDATE1:1.1.1.1.2.2 netbsd-1-3-PATCH003-CANDIDATE0:1.1.1.1.2.2 v3-2-10:1.1.1.1 v3-2-9:1.1.1.1 v3-2-7:1.1.1.1 v3-2-5:1.1.1.1 netbsd-1-3-PATCH002:1.1.1.1.2.2 netbsd-1-3-PATCH001:1.1.1.1.2.2 netbsd-1-3-RELEASE:1.1.1.1.2.2 netbsd-1-3-BETA:1.1.1.1.2.2 netbsd-1-3:1.1.1.1.0.2 v3-2-1:1.1.1.1 DARRENR:1.1.1; locks; strict; comment @# @; 1.2 date 99.12.12.11.30.47; author veego; state dead; branches; next 1.1; 1.1 date 97.11.23.20.46.46; author veego; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 97.11.23.20.46.46; author veego; state Exp; branches 1.1.1.1.2.1 1.1.1.1.4.1 1.1.1.1.8.1; next ; 1.1.1.1.2.1 date 97.11.23.20.46.46; author veego; state dead; branches; next 1.1.1.1.2.2; 1.1.1.1.2.2 date 97.11.23.22.26.03; author veego; state Exp; branches; next ; 1.1.1.1.4.1 date 99.12.20.21.10.48; author he; state dead; branches; next ; 1.1.1.1.8.1 date 99.12.27.18.37.49; author wrstuden; state dead; branches; next ; desc @@ 1.2 log @Use the new IP Filter dist layout for. We are now at version 3.3.5. @ text @#!/usr/local/bin/perl # for best results, bring up all your interfaces before running this open(I, "ifconfig -a|") || die $!; while () { chop; if (/^[a-zA-Z]+\d+:/) { ($iface = $_) =~ s/^([a-zA-Z]+\d+).*/$1/; $ifaces{$iface} = $iface; next; } if (/inet/) { if (/\-\-\>/) { # PPP, (SLIP?) ($inet{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$1/; ($ppp{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$2/; } else { ($inet{$iface} = $_) =~ s/.*inet ([^ ]+).*/$1/; } } if (/netmask/) { ($mask = $_) =~ s/.*netmask ([^ ]+).*/$1/; $mask =~ s/^/0x/ if ($mask =~ /^[0-9a-f]*$/); $netmask{$iface} = $mask; } if (/broadcast/) { ($bcast{$iface} = $_) =~ s/.*broadcast ([^ ]+).*/$1/; } } foreach $i (keys %ifaces) { $net{$i} = $inet{$i}."/".$netmask{$i} if (defined($inet{$i})); } # # print out route suggestions # print "#\n"; print "# The following routes should be configured, if not already:\n"; print "#\n"; foreach $i (keys %ifaces) { next if (($i =~ /lo/) || !defined($net{$i}) || defined($ppp{$i})); print "# route add $inet{$i} localhost 0\n"; } print "#\n"; # # print out some generic filters which people should use somewhere near the top # print "block in log quick from any to any with ipopts\n"; print "block in log quick proto tcp from any to any with short\n"; $grpi = 0; foreach $i (keys %ifaces) { if (!defined($inet{$i})) { next; } $grpi += 100; $grpo = $grpi + 50; if ($i !~ /lo/) { print "pass out on $i all head $grpo\n"; print "block out from 127.0.0.0/8 to any group $grpo\n"; print "block out from any to 127.0.0.0/8 group $grpo\n"; print "block out from any to $inet{$i}/32 group $grpo\n"; print "pass in on $i all head $grpi\n"; print "block in from 127.0.0.0/8 to any group $grpi\n"; print "block in from $inet{$i}/32 to any group $grpi\n"; foreach $j (keys %ifaces) { if ($i ne $j && $j !~ /^lo/ && defined($net{$j})) { print "block in from $net{$j} to any group $grpi\n"; } } } } @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @import missing files from ip-filter 3.2.1 @ text @@ 1.1.1.1.2.1 log @file mkfilters was added on branch netbsd-1-3 on 1997-11-23 22:26:03 +0000 @ text @d1 73 @ 1.1.1.1.2.2 log @Sync w/ trunk. @ text @a0 73 #!/usr/local/bin/perl # for best results, bring up all your interfaces before running this open(I, "ifconfig -a|") || die $!; while () { chop; if (/^[a-zA-Z]+\d+:/) { ($iface = $_) =~ s/^([a-zA-Z]+\d+).*/$1/; $ifaces{$iface} = $iface; next; } if (/inet/) { if (/\-\-\>/) { # PPP, (SLIP?) ($inet{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$1/; ($ppp{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$2/; } else { ($inet{$iface} = $_) =~ s/.*inet ([^ ]+).*/$1/; } } if (/netmask/) { ($mask = $_) =~ s/.*netmask ([^ ]+).*/$1/; $mask =~ s/^/0x/ if ($mask =~ /^[0-9a-f]*$/); $netmask{$iface} = $mask; } if (/broadcast/) { ($bcast{$iface} = $_) =~ s/.*broadcast ([^ ]+).*/$1/; } } foreach $i (keys %ifaces) { $net{$i} = $inet{$i}."/".$netmask{$i} if (defined($inet{$i})); } # # print out route suggestions # print "#\n"; print "# The following routes should be configured, if not already:\n"; print "#\n"; foreach $i (keys %ifaces) { next if (($i =~ /lo/) || !defined($net{$i}) || defined($ppp{$i})); print "# route add $inet{$i} localhost 0\n"; } print "#\n"; # # print out some generic filters which people should use somewhere near the top # print "block in log quick from any to any with ipopts\n"; print "block in log quick proto tcp from any to any with short\n"; $grpi = 0; foreach $i (keys %ifaces) { if (!defined($inet{$i})) { next; } $grpi += 100; $grpo = $grpi + 50; if ($i !~ /lo/) { print "pass out on $i all head $grpo\n"; print "block out from 127.0.0.0/8 to any group $grpo\n"; print "block out from any to 127.0.0.0/8 group $grpo\n"; print "block out from any to $inet{$i}/32 group $grpo\n"; print "pass in on $i all head $grpi\n"; print "block in from 127.0.0.0/8 to any group $grpi\n"; print "block in from $inet{$i}/32 to any group $grpi\n"; foreach $j (keys %ifaces) { if ($i ne $j && $j !~ /^lo/ && defined($net{$j})) { print "block in from $net{$j} to any group $grpi\n"; } } } } @ 1.1.1.1.8.1 log @Pull up to last week's -current. @ text @d1 73 @ 1.1.1.1.4.1 log @Pull up file removal (requested by darrenr): Update IPF to version 3.3.5. @ text @d1 73 @