Fix ICMP problems in rc.firewall:
authorSimon Schubert <corecode@dragonflybsd.org>
Tue, 26 Apr 2005 16:59:59 +0000 (16:59 +0000)
committerSimon Schubert <corecode@dragonflybsd.org>
Tue, 26 Apr 2005 16:59:59 +0000 (16:59 +0000)
When your trusted_net, like in the default config, was a net that
is not routed then even the allowed ICMP types were dropped.

Install rc.firewall mode +x.

Submitted-by: Andreas Hauser <andy@splashground.de>
etc/Makefile
etc/rc.firewall

index bde4607..57c63e7 100644 (file)
@@ -1,6 +1,6 @@
 #      from: @(#)Makefile      5.11 (Berkeley) 5/21/91
 # $FreeBSD: src/etc/Makefile,v 1.219.2.38 2003/03/04 09:49:00 ru Exp $
-# $DragonFly: src/etc/Makefile,v 1.52 2005/04/22 22:02:58 swildner Exp $
+# $DragonFly: src/etc/Makefile,v 1.53 2005/04/26 16:59:59 corecode Exp $
 
 .if !defined(NO_SENDMAIL)
 SUBDIR=        sendmail
@@ -11,7 +11,7 @@ SUBDIR=       sendmail
 BINUPDATE= apmd.conf fbtab gettytab network.subr \
        pf.os \
        protocols \
-       rc rc.firewall rc.firewall6 \
+       rc rc.firewall6 \
        rc.sendmail rc.shutdown \
        rc.subr rpc services \
        etc.${MACHINE_ARCH}/disktab \
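Review bot: Dropping rc.firewall from BINUPDATE here and listing it under BIN2 in the next hunk may change more than the file mode, because the visible lines do not show which install targets consume each list. If BINUPDATE is what gets refreshed on an upgrade and BIN2 is not, already-installed systems would keep the old rc.firewall and never pick up the rule-order fix in this commit. Please confirm that the upgrade path also installs BIN2, and once confirmed record it in the comment above BIN2, e.g. `# Installed 555 root:wheel on both fresh install and upgrade`.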
@@ -43,7 +43,7 @@ SSL=  ${.CURDIR}/../crypto/openssl-0.9.7e/apps/openssl.cnf
 
 # Files that should be installed read-only-executable (555) root:wheel
 #
-BIN2=  pccard_ether rc.suspend rc.resume
+BIN2=  pccard_ether rc.firewall rc.suspend rc.resume
 
 DEFAULTS= rc.conf make.conf periodic.conf
 
index bd6e9d4..9ce0289 100644 (file)
@@ -32,7 +32,7 @@
 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $DragonFly: src/etc/rc.firewall,v 1.4 2005/02/28 01:42:57 dillon Exp $
+# $DragonFly: src/etc/rc.firewall,v 1.5 2005/04/26 16:59:59 corecode Exp $
  
 # A simple packetfilter configurable via /etc/rc.conf
 #
@@ -190,8 +190,8 @@ case ${firewall_type} in
         allow_trusted_nets ${firewall_trusted_nets}
         allow_trusted_interfaces ${firewall_trusted_interfaces}
         allow_connections
-        deny_not_routed_nets
         allow_icmp_types ${firewall_allowed_icmp_types}
+        deny_not_routed_nets
         open_tcp_ports ${firewall_open_tcp_ports}
         open_udp_ports ${firewall_open_udp_ports}
         deny_rest
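Review bot: With `allow_icmp_types` now ahead of `deny_not_routed_nets`, the allowed ICMP types are presumably accepted from any source, including not-routed (private or reserved) addresses arriving on an untrusted interface; this assumes `allow_icmp_types` does not match on source, and its definition is outside this hunk. That fixes the trusted-net case from the description, but it also exempts those ICMP types from the not-routed source filter. The ordering dependency deserves a comment at this spot, e.g. `# ICMP is allowed before deny_not_routed_nets so trusted nets on unrouted ranges still get it; these types bypass the not-routed source filter`. `firewall_allowed_icmp_types` should stay limited to types that are acceptable from unauthenticated sources. The enclosing `case` branch starts and ends outside the hunk.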