eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#!/sbin/sh
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# CDDL HEADER START
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# The contents of this file are subject to the terms of the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Common Development and Distribution License (the "License").
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# You may not use this file except in compliance with the License.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# or http://www.opensolaris.org/os/licensing.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# See the License for the specific language governing permissions
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# and limitations under the License.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# When distributing Covered Code, include this CDDL HEADER in each
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# If applicable, add the following below this CDDL HEADER, with the
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# fields enclosed by brackets "[]" replaced with your own identifying
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# information: Portions Copyright [yyyy] [name of copyright owner]
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# CDDL HEADER END
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Use is subject to license terms.
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen#
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld#
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen# Scripts that generate IPfilter rules for SMB server
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen. /lib/svc/share/smf_include.sh
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen. /lib/svc/share/ipf_include.sh
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyencreate_ipf_rules()
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen{
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen FMRI=$1
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen file=`fmri_to_file $FMRI $IPF_SUFFIX`
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld file6=`fmri_to_file $FMRI $IPF6_SUFFIX`
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen policy=`get_policy ${FMRI}`
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen iana_names="microsoft-ds netbios-ns netbios-dgm netbios-ssn"
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen #
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen # Enforce policy on each port
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen #
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen echo "# $FMRI" >$file
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld echo "# $FMRI" >$file6
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen for name in $iana_names; do
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen port=`$SERVINFO -p -s $name 2>/dev/null`
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen if [ -z "$port" ]; then
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen continue;
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen fi
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld generate_rules $FMRI $policy "tcp" $port $file
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld generate_rules $FMRI $policy "tcp" $port $file6 _6
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld generate_rules $FMRI $policy "udp" $port $file
7ddce99911fbb5e44b38ac65e991a22e42267ee9Hans Rosenfeld generate_rules $FMRI $policy "udp" $port $file6 _6
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen done
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen}
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyenif [ "$1" = "ipfilter" ]; then
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyen create_ipf_rules $2
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyenfi
eb1a34638eba7c5add1421327f3eb225a8ea7518Truong Nguyenexit 0