1*8823STruong.Q.Nguyen@Sun.COM#!/sbin/sh 2*8823STruong.Q.Nguyen@Sun.COM# 3*8823STruong.Q.Nguyen@Sun.COM# CDDL HEADER START 4*8823STruong.Q.Nguyen@Sun.COM# 5*8823STruong.Q.Nguyen@Sun.COM# The contents of this file are subject to the terms of the 6*8823STruong.Q.Nguyen@Sun.COM# Common Development and Distribution License (the "License"). 7*8823STruong.Q.Nguyen@Sun.COM# You may not use this file except in compliance with the License. 8*8823STruong.Q.Nguyen@Sun.COM# 9*8823STruong.Q.Nguyen@Sun.COM# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*8823STruong.Q.Nguyen@Sun.COM# or http://www.opensolaris.org/os/licensing. 11*8823STruong.Q.Nguyen@Sun.COM# See the License for the specific language governing permissions 12*8823STruong.Q.Nguyen@Sun.COM# and limitations under the License. 13*8823STruong.Q.Nguyen@Sun.COM# 14*8823STruong.Q.Nguyen@Sun.COM# When distributing Covered Code, include this CDDL HEADER in each 15*8823STruong.Q.Nguyen@Sun.COM# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*8823STruong.Q.Nguyen@Sun.COM# If applicable, add the following below this CDDL HEADER, with the 17*8823STruong.Q.Nguyen@Sun.COM# fields enclosed by brackets "[]" replaced with your own identifying 18*8823STruong.Q.Nguyen@Sun.COM# information: Portions Copyright [yyyy] [name of copyright owner] 19*8823STruong.Q.Nguyen@Sun.COM# 20*8823STruong.Q.Nguyen@Sun.COM# CDDL HEADER END 21*8823STruong.Q.Nguyen@Sun.COM# 22*8823STruong.Q.Nguyen@Sun.COM# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23*8823STruong.Q.Nguyen@Sun.COM# Use is subject to license terms. 24*8823STruong.Q.Nguyen@Sun.COM# 25*8823STruong.Q.Nguyen@Sun.COM 26*8823STruong.Q.Nguyen@Sun.COM# Scripts that generate IPfilter rules for SMB server 27*8823STruong.Q.Nguyen@Sun.COM 28*8823STruong.Q.Nguyen@Sun.COM. /lib/svc/share/smf_include.sh 29*8823STruong.Q.Nguyen@Sun.COM. /lib/svc/share/ipf_include.sh 30*8823STruong.Q.Nguyen@Sun.COM 31*8823STruong.Q.Nguyen@Sun.COMcreate_ipf_rules() 32*8823STruong.Q.Nguyen@Sun.COM{ 33*8823STruong.Q.Nguyen@Sun.COM FMRI=$1 34*8823STruong.Q.Nguyen@Sun.COM file=`fmri_to_file $FMRI $IPF_SUFFIX` 35*8823STruong.Q.Nguyen@Sun.COM ip=any 36*8823STruong.Q.Nguyen@Sun.COM policy=`get_policy ${FMRI}` 37*8823STruong.Q.Nguyen@Sun.COM iana_names="microsoft-ds netbios-ns netbios-dgm netbios-ssn" 38*8823STruong.Q.Nguyen@Sun.COM 39*8823STruong.Q.Nguyen@Sun.COM # 40*8823STruong.Q.Nguyen@Sun.COM # Enforce policy on each port 41*8823STruong.Q.Nguyen@Sun.COM # 42*8823STruong.Q.Nguyen@Sun.COM echo "# $FMRI" >$file 43*8823STruong.Q.Nguyen@Sun.COM for name in $iana_names; do 44*8823STruong.Q.Nguyen@Sun.COM port=`$SERVINFO -p -s $name 2>/dev/null` 45*8823STruong.Q.Nguyen@Sun.COM if [ -z "$port" ]; then 46*8823STruong.Q.Nguyen@Sun.COM continue; 47*8823STruong.Q.Nguyen@Sun.COM fi 48*8823STruong.Q.Nguyen@Sun.COM generate_rules $FMRI $policy "tcp" $ip $port $file 49*8823STruong.Q.Nguyen@Sun.COM generate_rules $FMRI $policy "udp" $ip $port $file 50*8823STruong.Q.Nguyen@Sun.COM done 51*8823STruong.Q.Nguyen@Sun.COM} 52*8823STruong.Q.Nguyen@Sun.COM 53*8823STruong.Q.Nguyen@Sun.COMif [ "$1" = "ipfilter" ]; then 54*8823STruong.Q.Nguyen@Sun.COM create_ipf_rules $2 55*8823STruong.Q.Nguyen@Sun.COMfi 56*8823STruong.Q.Nguyen@Sun.COMexit 0 57