Remove IPFW support.

This is no longer used by modern MacOSX and not getting tested.

It also required a do_wait() function which was a complication for
sshuttle as a whole.

Can get resurrected if required.

Author: brianmay

README.rst

@@ -43,17 +43,9 @@ Client side Requirements
 |       |        | * IPv6 TCP +                                               |
 |       |        | * IPv6 UDP +                                               |
 +-------+--------+------------+-----------------------------------------------+
-| BSD   | IPFW   | * IPv4 TCP | Your kernel needs to be compiled with         |
-|       |        |            | `IPFIREWALL_FORWARD` and you need to have ipfw|
-|       |        |            | available.                                    |
-+-------+--------+------------+-----------------------------------------------+
 | MacOS | PF     | * IPv4 TCP + You need to have the pfctl command.           |
 +-------+--------+------------+-----------------------------------------------+
 
-The IPFW method is depreciated. It was originally required for MacOS support,
-however is no longer maintained. It is likely to get removed from future
-versions of sshuttle.
-
 
 Server side Requirements
 ------------------------

sshuttle/__main__.py

@@ -119,7 +119,7 @@ def parse_list(list):
 N,auto-nets  automatically determine subnets to route
 dns        capture local DNS requests and forward to the remote DNS server
 ns-hosts=  capture and forward remote DNS requests to the following servers
-method=    auto, nat, tproxy, pf or ipfw
+method=    auto, nat, tproxy or pf
 python=    path to python interpreter on the remote server
 r,remote=  ssh hostname (and optional username) of remote sshuttle server
 x,exclude= exclude this subnet (can be used more than once)
@@ -181,7 +181,7 @@ def parse_list(list):
             includes = parse_subnet_file(opt.subnets)
         if not opt.method:
             method_name = "auto"
-        elif opt.method in ["auto", "nat", "tproxy", "ipfw", "pf"]:
+        elif opt.method in ["auto", "nat", "tproxy", "pf"]:
             method_name = opt.method
         else:
             o.fatal("method_name %s not supported" % opt.method)

sshuttle/firewall.py

@@ -178,12 +178,11 @@ def main(method_name, syslog):
     try:
         debug1('firewall manager: setting up.\n')
 
-        do_wait = None
         nslist_v6 = [i for i in nslist if i[0] == socket.AF_INET6]
         subnets_v6 = [i for i in subnets if i[0] == socket.AF_INET6]
         if port_v6 > 0:
             debug2('firewall manager: setting up IPv6.\n')
-            do_wait = method.setup_firewall(
+            method.setup_firewall(
                 port_v6, dnsport_v6, nslist_v6,
                 socket.AF_INET6, subnets_v6, udp)
         elif len(subnets_v6) > 0:
@@ -193,7 +192,7 @@ def main(method_name, syslog):
         subnets_v4 = [i for i in subnets if i[0] == socket.AF_INET]
         if port_v4 > 0:
             debug2('firewall manager: setting up IPv4.\n')
-            do_wait = method.setup_firewall(
+            method.setup_firewall(
                 port_v4, dnsport_v4, nslist_v4,
                 socket.AF_INET, subnets_v4, udp)
         elif len(subnets_v4) > 0:
@@ -213,8 +212,6 @@ def main(method_name, syslog):
         # to stay running so that we don't need a *second* password
         # authentication at shutdown time - that cleanup is important!
         while 1:
-            if do_wait is not None:
-                do_wait()
             line = stdin.readline(128)
             if line.startswith('HOST '):
                 (name, ip) = line[5:].strip().split(',', 1)

sshuttle/methods/__init__.py

@@ -86,14 +86,12 @@ def get_method(method_name):
 
 
 def get_auto_method():
-    if _program_exists('ipfw'):
-        method_name = "ipfw"
-    elif _program_exists('iptables'):
+    if _program_exists('iptables'):
         method_name = "nat"
     elif _program_exists('pfctl'):
         method_name = "pf"
     else:
         raise Fatal(
-            "can't find either ipfw, iptables or pfctl; check your PATH")
+            "can't find either iptables or pfctl; check your PATH")
 
     return get_method(method_name)

sshuttle/methods/ipfw.py

@@ -227,7 +227,7 @@ conflicts between client and server.
 
 Unlike most VPNs, sshuttle forwards sessions, not packets.
 That is, it uses kernel transparent proxying (`iptables
-REDIRECT` rules on Linux, or `ipfw fwd` rules on BSD) to
+REDIRECT` rules on Linux) to
 capture outgoing TCP sessions, then creates entirely
 separate TCP sessions out to the original destination at
 the other end of the tunnel.
@@ -256,24 +256,6 @@ between the two separate streams, so a tcp-based tunnel is
 fine.
 
 
-# BUGS
-
-On MacOS 10.6 (at least up to 10.6.6), your network will
-stop responding about 10 minutes after the first time you
-start sshuttle, because of a MacOS kernel bug relating to
-arp and the net.inet.ip.scopedroute sysctl.  To fix it,
-just switch your wireless off and on. Sshuttle makes the
-kernel setting it changes permanent, so this won't happen
-again, even after a reboot.
-
-On MacOS, sshuttle will set the kernel boot flag
-net.inet.ip.scopedroute to 0, which interferes with OS X
-Internet Sharing and some VPN clients. To reset this flag,
-you can remove any reference to net.inet.ip.scopedroute from
-/Library/Preferences/SystemConfiguration/com.apple.Boot.plist
-and reboot.
-
-
 # SEE ALSO
 
 `ssh`(1), `python`(1)

sshuttle/sshuttle.md

@@ -97,8 +97,6 @@ def test_main(mock_get_method, mock_setup_daemon, mock_rewrite_etc_hosts):
             2,
             [(2, 24, False, u'1.2.3.0'), (2, 32, True, u'1.2.3.66')],
             True),
-        call().setup_firewall()(),
-        call().setup_firewall()(),
         call().setup_firewall(1024, 0, [], 10, [], True),
         call().setup_firewall(1025, 0, [], 2, [], True),
     ]