

[src/trunk]: src/share/examples/npf remove file that did not go before.



details:   https://anonhg.NetBSD.org/src/rev/a4f2636bfff2
branches:  trunk
changeset: 787644:a4f2636bfff2
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Jun 27 14:52:58 2013 +0000

description:
remove a file that was not deleted in the previous commit.

diffstat:

 share/examples/npf/l2tp-gw.conf |  146 ----------------------------------------
 1 files changed, 0 insertions(+), 146 deletions(-)

diffs (150 lines):

diff -r 3c4ad976369a -r a4f2636bfff2 share/examples/npf/l2tp-gw.conf
--- a/share/examples/npf/l2tp-gw.conf   Thu Jun 27 14:51:30 2013 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,146 +0,0 @@
-# ex0 - (internal) network interface
-#      192.168.2.254/24
-# hme0 - (external) connection to Two Sigma
-#      74.66.0.142/24
-
-$int_if = "sk0"
-$ext_if = "bge0"
-
-alg "icmp"
-
-#
-# NAT for all.
-#
-map $ext_if dynamic 192.168.1.0/24 -> inet4($ext_if)
-
-#table <1> type tree file "/etc/npf_problem_sites"
-
-procedure "log" {
-       log: npflog0
-}
-
-group (name "external", interface $ext_if) {
-       #
-       # Allow DHCP requests (even to reserved addresses).
-       #
-       pass out final proto udp from any port bootpc to any port bootps
-       pass in final proto udp from any port bootps to any port bootpc
-       pass in final proto udp from any port bootps to 255.255.255.255 port bootpc
-       #
-       # Allow DNS queries
-       #
-       pass stateful out final proto udp to any port domain
-
-       # Problem sites.
-       #block in final from <1> apply "log"
-
-       #
-       # Block IANA-reserved addresses from entering or exiting
-       #
-       block in final from 10.0.0.0/8 apply "log"
-       block in final from 172.16.0.0/12 apply "log"
-       block in final from 192.168.0.0/16 apply "log"
-       #
-       block out final to 10.0.0.0/8 apply "log"
-       block out final to 172.16.0.0/12 apply "log"
-       block out final to 192.168.0.0/16 apply "log"
-       #
-       pass stateful out final proto tcp all
-       pass stateful out final proto udp all
-       pass stateful out final proto icmp all
-       pass stateful out final proto ipv6-icmp all
-
-       block in final proto tcp to 192.168.2.255 apply "log"
-
-       #
-       # Prevent IP spoofing attacks on the firewall.
-       #
-       block in final from 127.0.0.1 apply "log"
-
-       #
-       # L2TP/IPSEC-NAT-T Tunnels.
-       #
-       pass in final proto udp from any to inet4($ext_if) port isakmp
-       pass in final proto esp from any to inet4($ext_if)
-       pass out final proto esp from any to inet4($ext_if)
-       pass in final proto ah from any to inet4($ext_if)
-       pass in final from any to inet4($ext_if) port "ipsec-nat-t"
-
-       #
-       # Pass multicast.
-       # IGMP uses 224.0.0.1.
-       #
-       pass in final proto igmp all
-       pass in final from any to 224.0.0.0/4
-
-       #
-       # Pass established connections.
-       #
-       pass in final proto tcp flags A/A all
-       pass in final proto tcp flags R/R all
-       #
-       # VNC
-       #
-       pass in final proto tcp from any to any port 5500
-
-       #
-       # Web servers
-       #
-       #pass in final proto tcp from any to <A>/<M> port http
-
-       #
-       # Services on localhost.
-       #
-       #pass in final proto udp from any port ntp
-       #pass in final to any port imap
-       #pass in final to any port domain
-       #pass in final proto tcp to any port smtp
-       #pass in final proto tcp to any port auth
-       #pass in final proto tcp to any port ssh
-       #pass in final proto tcp to any port bgp
-       #pass in final proto tcp to any port ftp
-       #pass in final proto tcp to any port "ftp-data"
-       #pass in final proto udp to any port isakmp
-       #pass in final proto udp to any port 8001
-       #pass in final proto tcp to inet4($ext_if) port www
-
-       #
-       # Handle traceroute gracefully for up-to 30 hops away.
-       # FIXME: port-unr for ICMP is not yet supported.
-       #
-       block return-icmp in final proto udp to any port 33433-33524 apply "log"
-
-       #
-       # Only allow selected ICMP types.
-       #
-       pass in final proto icmp icmp-type echo all
-       pass in final proto icmp icmp-type timxceed all
-       pass in final proto icmp icmp-type unreach all
-       pass in final proto icmp icmp-type echoreply all
-       pass in final proto icmp icmp-type sourcequench all
-       pass in final proto icmp icmp-type paramprob all
-       pass in final proto ipv6-icmp all
-
-       #
-       # Send back a reset for new connections on tcp.
-       #
-       block return-rst in final proto tcp flags S/SA all apply "log"
-}
-
-group (name "internal", interface $int_if) {
-       # Pass everything to internal networks,
-       # should be ok, because we are nat'ed.
-       pass final all
-}
-
-group (default) {
-       # Loopback interface should allows packets to traverse it.
-       pass final on lo0 all
-       # For one L2TP tunnel, needs interface pre-created, post-destroyed
-       pass final on ppp0 all
-
-       #
-       # Block everything by default.
-       #
-       block final all apply "log"
-}


