version 1.458, 2015/08/22 10:45:59 |
version 1.459, 2015/08/22 23:32:18 |
|
|
# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so |
# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so |
# as to avoid randomly allocating source ports that correspond to well-known |
# as to avoid randomly allocating source ports that correspond to well-known |
# services. |
# services. |
|
# Usage: fill_baddynamic tcp|udp |
fill_baddynamic() { |
fill_baddynamic() { |
local _service=$1 |
local _service=$1 |
local _sysctl="net.inet.${_service}.baddynamic" |
local _sysctl="net.inet.${_service}.baddynamic" |
|
|
stripcom /etc/services | |
stripcom /etc/services | |
{ |
{ |
# Variables are local |
_ban= |
while IFS=" /" read _name _port _srv _junk; do |
while IFS=" /" read _name _port _srv _junk; do |
[ "x${_srv}" = "x${_service}" ] || continue |
[[ $_srv == $_service ]] || continue |
_ban="${_ban:+${_ban},}+${_port}" |
|
|
_ban="${_ban:+$_ban,}+$_port" |
|
|
# Flush before argv gets too long |
# Flush before argv gets too long |
if [ ${#_ban} -gt 1024 ]; then |
if ((${#_ban} > 1024)); then |
sysctl -q ${_sysctl}=${_ban} |
sysctl -q "$_sysctl=$_ban" |
_ban="" |
_ban= |
fi |
fi |
done |
done |
[ "${_ban}" ] && sysctl -q ${_sysctl}=${_ban} |
[[ -n $_ban ]] && sysctl -q "$_sysctl=$_ban" |
} |
} |
} |
} |
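Review bot: The `_port` field read from /etc/services is passed straight into the sysctl argument on the two `sysctl -q "$_sysctl=$_ban"` lines without checking that it is a port number, so a malformed or unexpectedly split entry silently yields a bad `baddynamic` value that `-q` then hides; after the service check I would add `[[ $_port == +([0-9]) ]] || continue` so only numeric ports are accumulated. The `read` in the loop header should also be `read -r`, since without it backslashes in the input are interpreted rather than taken literally. It is not visible here whether the IFS string holds only a space and a slash or also a literal tab (rendering may have collapsed it); if tab is absent, tab-separated lines would not split into name, port and protocol as intended, which is worth confirming against the file in the tree.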
|
|