author | Roy Marples <roy@marples.name> | 2009-04-27 07:51:18 +0000 |
---|---|---|
committer | Roy Marples <roy@marples.name> | 2009-04-27 07:51:18 +0000 |
commit | e70a1429564a8fce5036c351b010a47dbb6c28b7 (patch) | |
tree | a1fc0f75a53041771bc9054fdab517ac32b3d79a /init.d/ipfw.in | |
parent | eaa32c75c9bba7af0ec842d82f56a6862bbc83db (diff) |
Style.
Diffstat (limited to 'init.d/ipfw.in')
-rw-r--r-- | init.d/ipfw.in | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/init.d/ipfw.in b/init.d/ipfw.in
index 61ac29e8..6452a7eb 100644
--- a/init.d/ipfw.in
+++ b/init.d/ipfw.in
@@ -1,5 +1,5 @@
 #!@PREFIX@/sbin/runscript
-# Copyright 2007-2008 Roy Marples <roy@marples.name>
+# Copyright 2007-2009 Roy Marples <roy@marples.name>
 # All rights reserved. Released under the 2-clause BSD license.
 # This is based on /etc/rc.firewall and /etc/rc.firewall6 from FreeBSD
@@ -95,24 +95,24 @@ start() {
 # Add permits for this workstations published services below
 # Only IPs and nets in firewall_allowservices is allowed in.
- for i in ${ipfw_ip_in}; do
- for p in ${ipfw_ports_in}; do
- ipfw add pass tcp from ${i} to me ${p}
+ for i in $ipfw_ip_in; do
+ for p in $ipfw_ports_in; do
+ ipfw add pass tcp from $i to me $p
 done
 done
 # Allow all connections from trusted IPs.
 # Playing with the content of firewall_trusted could seriously
 # degrade the level of protection provided by the firewall.
- for i in ${ipfw_ip_trust}; do
- ipfw add pass ip from ${i} to me
+ for i in $ipfw_ip_trust; do
+ ipfw add pass ip from $i to me
 done
 ipfw add 65000 count ip from any to any
 # Drop packets to ports where we don't want logging
- for p in ${ipfw_ports_nolog}; do
- ipfw add deny { tcp or udp } from any to any ${p} in
+ for p in $ipfw_ports_nolog; do
+ ipfw add deny { tcp or udp } from any to any $p in
 done
 # Broadcasts and muticasts
@@ -129,10 +129,10 @@ start() {
 # Deny and (if wanted) log the rest unconditionally.
 if yesno ${ipfw_log_deny:-no}; then
- log="log"
+ log=log
 sysctl net.inet.ip.fw.verbose=1 >/dev/null
 fi
- ipfw add deny ${log} ip from any to any
+ ipfw add deny $log ip from any to any
 eend 0
 }
|
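Review bot: The comments above the two allow loops in the second hunk name `firewall_allowservices` and `firewall_trusted`, while the loops read `$ipfw_ip_in` and `$ipfw_ip_trust`, so the warning about weakening the firewall points an administrator at variables this script does not appear to consult. Since these lines were being touched for style anyway, the comments could be aligned with the code: `# Only IPs and nets in ipfw_ip_in are allowed in.` and `# Playing with the content of ipfw_ip_trust could seriously`. If the FreeBSD names are mapped onto the `ipfw_*` ones elsewhere in the file, that mapping is not visible here; start() begins and ends outside the hunk.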
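Review bot: `eend 0` at the end of the third hunk reports success regardless of whether the closing `ipfw add deny $log ip from any to any` was accepted, so a rejected catch-all rule leaves the service marked as started while the ruleset falls through to whatever the kernel default is. Passing the status on, for example `ipfw add deny $log ip from any to any` followed by `eend $? "Failed to add final deny rule"`, would surface that failure. The hunk also does not show `log` being initialised before the `if`, so with `ipfw_log_deny` off the rule relies on `log` being empty on entry; a `local log=` near the top of start() would make that explicit if it is not already there. start() begins outside the hunk.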