diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2002-01-03 12:32:57 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2002-01-03 12:32:57 +0000 |
| commit | 327bff9038e355ab92d32bf7b90add340ede1fc6 (patch) | |
| tree | 0be8aabff1d414faf544419d8d78b7d52015fa47 | |
| parent | 17cf2efb57a35227756ee1e371d595f3c5a564c8 (diff) | |
ipmasq: Update A10dhcpd.rul and A10dhcpcd.rul to reflect new example in ipmasq 3.5.10: strip ip aliases.
| -rw-r--r-- | ipmasq/rules/A10dhcpcd.rul | 23 | ||||
| -rw-r--r-- | ipmasq/rules/A10dhcpd.rul | 27 |
2 files changed, 21 insertions, 29 deletions
diff --git a/ipmasq/rules/A10dhcpcd.rul b/ipmasq/rules/A10dhcpcd.rul index 5ac66a1..3f39085 100644 --- a/ipmasq/rules/A10dhcpcd.rul +++ b/ipmasq/rules/A10dhcpcd.rul @@ -1,29 +1,20 @@ -# From Kalle Olavi Niemitalo <tosi@ees2.oulu.fi>: - -# Here's my /etc/ipmasq/rules/A10dhcpd.rul file in case you'd -# like to add it in the examples directory. It's somewhat -# stricter than /usr/doc/ipmasq/examples/Z99dhcpd.rul. Also, I'm -# using priority A10 rather than Z99 because some of my other -# rules would reject the packets. -# -# This works with dhcp_1.0.2-0.1 and the Windows 95 DHCP client. -# The ipfwadm invocations are untested. +# Based on A10dhcpd.rul by Kalle Olavi Niemitalo <tosi@ees2.oulu.fi>: if [ -n "$INTERNAL" ]; then for i in $INTERNAL; do ipnm_cache $i case $MASQMETHOD in ipfwadm) - $IPFWADM -I -i accept -S 0.0.0.0/0 67 -D 255.255.255.255/32 68 -W $i -P udp -# $IPFWADM -O -i accept -S $IPOFIF/32 68 -D 255.255.255.255/32 67 -W $i -P udp + $IPFWADM -I -i accept -S 0.0.0.0/0 67 -D 255.255.255.255/32 68 -W ${i%%:*} -P udp +# $IPFWADM -O -i accept -S $IPOFIF/32 68 -D 255.255.255.255/32 67 -W ${i%%:*} -P udp ;; ipchains) - $IPCHAINS -I input -j ACCEPT -s 0.0.0.0/0 67 -d 255.255.255.255/32 68 -i $i -p udp -# $IPCHAINS -I output -j ACCEPT -s $IPOFIF/32 68 -d 255.255.255.255/32 67 -i $i -p udp + $IPCHAINS -I input -j ACCEPT -s 0.0.0.0/0 67 -d 255.255.255.255/32 68 -i ${i%%:*} -p udp +# $IPCHAINS -I output -j ACCEPT -s $IPOFIF/32 68 -d 255.255.255.255/32 67 -i ${i%%:*} -p udp ;; iptables) - $IPTABLES -I INPUT -j ACCEPT -s 0.0.0.0/0 67 -d 255.255.255.255/32 68 -i $i -p udp -# $IPTABLES -I OUTPUT -j ACCEPT -s $IPOFIF/32 68 -d 255.255.255.255/32 67 -i $i -p udp + $IPTABLES -I INPUT -j ACCEPT -s 0.0.0.0/0 67 -d 255.255.255.255/32 68 -i ${i%%:*} -p udp +# $IPTABLES -I OUTPUT -j ACCEPT -s $IPOFIF/32 68 -d 255.255.255.255/32 67 -i ${i%%:*} -p udp ;; esac done diff --git a/ipmasq/rules/A10dhcpd.rul b/ipmasq/rules/A10dhcpd.rul index 7be8c1e..dbc56c5 100644 --- a/ipmasq/rules/A10dhcpd.rul +++ b/ipmasq/rules/A10dhcpd.rul @@ -11,20 +11,21 @@ if [ -n "$INTERNAL" ]; then for i in $INTERNAL; do - ipnm_cache $i - case $MASQMETHOD in - ipfwadm) - $IPFWADM -I -i accept -S 0.0.0.0/32 68 -D 255.255.255.255/32 67 -W $i -P udp - $IPFWADM -O -i accept -S $IPOFIF/32 67 -D 255.255.255.255/32 68 -W $i -P udp - ;; - ipchains) - $IPCHAINS -I input -j ACCEPT -s 0.0.0.0/32 68 -d 255.255.255.255/32 67 -i $i -p udp - $IPCHAINS -I output -j ACCEPT -s $IPOFIF/32 67 -d 255.255.255.255/32 68 -i $i -p udp - ;; + ipnm_cache $i + case $MASQMETHOD in + ipfwadm) + $IPFWADM -I -i accept -S 0.0.0.0/32 68 -D 255.255.255.255/32 67 -W ${i%%:*} -P udp + $IPFWADM -O -i accept -S $IPOFIF/32 67 -D 255.255.255.255/32 68 -W ${i%%:*} -P udp + ;; + ipchains) + $IPCHAINS -A input -j ACCEPT -s 0.0.0.0/32 68 -d 255.255.255.255/32 67 -i ${i%%:*} -p udp + $IPCHAINS -A output -j ACCEPT -s $IPOFIF/32 67 -d 255.255.255.255/32 68 -i ${i%%:*} -p udp + ;; netfilter) - $IPTABLES -I INPUT -j ACCEPT -s 0.0.0.0/32 68 -d 255.255.255.255/32 67 -i $i -p udp - $IPTABLES -I OUTPUT -j ACCEPT -s $IPOFIF/32 67 -d 255.255.255.255/32 68 -i $i -p udp - esac + $IPTABLES -A INPUT -j ACCEPT -s 0.0.0.0/32 68 -d 255.255.255.255/32 67 -i ${i%%:*} -p udp + $IPTABLES -A OUTPUT -j ACCEPT -s $IPOFIF/32 67 -d 255.255.255.255/32 68 -o ${i%%:*} -p udp + ;; + esac done fi |