
update

1 parent a8c6a86 commit 251ee96881795a404b55d5399025f3bd3ee61cec @hornos committed Mar 6, 2012
Showing with 10 additions and 6 deletions.
  1. +1 −0 .gitignore
  2. +0 −1 lib/net/ipfw/.#kernel
  3. +7 −3 lib/net/ipfw/kernel
  4. +0 −1 lib/net/ipfw/spoof/.#kernel
  5. +2 −1 lib/net/ipfw/spoof/kernel
@@ -1,4 +1,5 @@
.DS*
+.#*
*.old
*.old*
*.new
@@ -36,16 +36,20 @@ function net/ipfw/default() {
#------------------------------------------------------------------------------------------
# revpath
${net_ipfw} add 100 set ${_d} deny log ip from any to any not verrevpath in
+
# localhost
${net_ipfw} add set ${_d} allow ip from me to me
+
# spoof
${net_ipfw} add set ${_d} deny log ip from $lo to any in
${net_ipfw} add set ${_d} deny log ip from any to $lo in
+
# nmap
${net_ipfw} add set ${_d} deny log ip from any to any ipoptions rr,ts,ssrr,lsrr in
- ${net_ipfw} add set ${_d} deny log tcp from any to any frag
- ${net_ipfw} add set ${_d} deny log tcp from any to $lo in
- ${net_ipfw} add set ${_d} deny log tcp from any to any 0 in
+
+# ${net_ipfw} add set ${_d} deny log tcp from any to any frag
+# ${net_ipfw} add set ${_d} deny log tcp from any to $lo in
+# ${net_ipfw} add set ${_d} deny log tcp from any to any 0 in
${net_ipfw} add set ${_d} deny log any from any to any
}
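Review bot: The three `deny log tcp` rules under `# nmap` (frag, to `$lo`, port 0) are disabled by commenting them out with no reason recorded, which leaves dead rules in the set for the next reader to guess about. From the lines visible here, the packets they matched still reach the final `deny log any from any to any`, so they appear to remain dropped and logged. That holds only if no rule from another set is numbered between them, so confirm it on a loaded ruleset with `ipfw list`. Either delete the lines or add a one-line reason above them, for example `# disabled: already covered by the catch-all deny below`. The body of net/ipfw/default starts outside the hunk.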
@@ -14,9 +14,10 @@ function net/ipfw/spoof/revpath() {
local _if="${2:-in}"
local _s=${2:-false}
- # log proto from to options interface
+ # rule log proto from to options interface
local _rule="log ip from any to any not verrevpath ${_if}"
+
if ${_s} ; then
net/ipfw/deny ${!_no} ${_rule}
return $?
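Review bot: `_if` and `_s` are both read from `$2` on the two `local` lines above the edited comment, so the interface keyword and the boolean flag can never be set independently, and `if ${_s}` then runs whatever the caller passed as `$2` as a command. It looks like the flag was meant to come from the next positional argument, `local _s=${3:-false}`, though the part of the function that reads `$1` is outside the hunk, so confirm against callers. Comparing the value instead of executing it, `if [[ "${_s}" == true ]] ; then`, keeps a stray argument from being run. The function body continues past the end of the hunk.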
