conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw
and rc.d/ip6fw.
Vulpes Velox
v.velox at vvelox.net
Sun Mar 12 09:24:23 UTC 2006
The following reply was made to PR conf/93815; it has been noted by GNATS.
From: Vulpes Velox <v.velox at vvelox.net>
To: Giorgos Keramidas <keramida at ceid.upatras.gr>
Cc: bug-followup at FreeBSD.org
Subject: Re: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw
and rc.d/ip6fw.
Date: Sun, 12 Mar 2006 00:47:33 -0600
On Thu, 9 Mar 2006 14:16:37 +0200
Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> On 2006-03-08 22:23, Vulpes Velox <v.velox at vvelox.net> wrote:
> > Cool. I like that idea for the savedir. I am somewhat mixed
> > about making it longer, but I see the point in making it more
> > readable though.
> > [...]
> > I will have the new patch set pr submitted tomorrow.
>
> Note that the patch still has to be reviewed by one of our rc.d
> experts, but thank you for considering to make the changes to match
> some of my suggestions. Keep the good work up :)))
>
Made a few more changes. I just got thinking of the idea of
eliminating rc.firewall and rc.firewall6 entirely. Will be sending in
another patch set shortly.
This set includes load and unload. This will load or unload a set of
rules. This will unload or load a save, without flushing. I have
also added a new variable, fwcmd2. This is like fwcmd in rc.firewall,
but has add/delete added to it depending on what it is doing.
BTW is there any good reason this is included in
rc.firewall/rc.firewall6 instead of ipfw/ip6fw?
############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
	fwcmd="/sbin/ipfw -q"
	;;
*)
	fwcmd="/sbin/ipfw"
	;;
esac
I see there being no problem moving that into ipfw.
Attachment: ip6fw.diff (text/x-patch)
18,29d17
< extra_commands="save load unload"
< save_cmd="ipfw_save"
< load_cmd="ipfw_load"
< unload_cmd="ipfw_unload"
<
< # Gets the name of the save to use.
< if [ ! -z "$2" ]; then
< savename="$2"
< usingsave="yes"
< else
< savename="last"
< fi
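Review bot: `savename="$2"` takes the name straight from the command line with no validation, and that value is later used to build `/var/db/ipfw/$savename.6`, which `ipfw_load` and `ipfw_unload` source with the script's privileges. A value containing `/` or `..` would make the script read a file outside /var/db/ipfw. Suggest rejecting anything that is not a plain file name before the assignment, for example with a `case "$2" in */*|.*)` guard that prints an error and exits.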
44,82d31
< ipfw_save()
< {
< # Saves the firewall rules to /var/db/ipfw/$savename
< [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw
< ipfw list | awk '{print "${fw6cmd2} " $0 }' > /var/db/ipfw/$savename.6
< }
<
< ipfw_load()
< {
<
< # Set quiet mode if requested
< case ${firewall_quiet} in
< [Yy][Ee][Ss])
< fwcmd2="/sbin/ipfw -q add"
< ;;
< *)
< fwcmd2="/sbin/ipfw add"
< ;;
< esac
<
< . /var/db/ipfw/$savename.6
< }
<
< ipfw_unload()
< {
<
< # Set quiet mode if requested
< case ${firewall_quiet} in
< [Yy][Ee][Ss])
< fwcmd2="/sbin/ipfw -q delete"
< ;;
< *)
< fwcmd2="/sbin/ipfw delete"
< ;;
< esac
<
< . /var/db/ipfw/$savename.6
< }
<
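Review bot: in `ipfw_save` each saved line is prefixed with the literal text `${fw6cmd2}`, but `ipfw_load` and `ipfw_unload` in the same hunk set `fwcmd2`, so when `$savename.6` is sourced from here the prefix expands to nothing and every rule line is run as a bare command. The functions in this IPv6 script also call `ipfw list` and `/sbin/ipfw`; if the file is meant to hold ip6fw rules, the list, add and delete commands should use the IPv6 tool, with one variable name used for both writing and loading.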
85,92d33
< # Make sure the save file exists if one is specified.
< if [ ! -z "$usingsave" ]; then
< if [ ! -f "/var/db/ipfw/$savename.6" ]; then
< echo "Specified save does not exist"
< exit 1
< fi
< fi
<
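Review bot: the existence test is wrapped in `[ ! -z "$usingsave" ]`, so the default name `last` is never verified, and `ipfw_load`/`ipfw_unload` in the previous hunk source the file with no test of their own. Suggest testing `/var/db/ipfw/$savename.6` unconditionally immediately before each `.`, and writing the error message to stderr.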
101c42
< . "${ipv6_firewall_script}" $savename
---
> . "${ipv6_firewall_script}"
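Review bot: the `<` side here carries the new `$savename` argument and the `>` side is the unmodified line, and every other hunk in the attachment is a `d` deletion of the new code, so the diff looks to have been generated with the new and old files swapped. Applying it as is would remove the feature rather than add it; please regenerate as `diff -u old new` so the direction and the surrounding context are visible to the reviewer.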
Attachment: ipfw.diff (text/x-patch)
19,30d18
< extra_commands="save load unload"
< save_cmd="ipfw_save"
< load_cmd="ipfw_load"
< unload_cmd="ipfw_unload"
<
< #gets the name of the save to use
< if [ ! -z "$2" ]; then
< savename="$2"
< usingsave="yes"
< else
< savename="last"
< fi
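Review bot: the `$2` handling sits with the `extra_commands` assignments rather than inside the three new functions, so it appears to run for every command, and a stray second argument to any of them sets `usingsave` and becomes the save name. Suggest parsing the name only when the command is save, load or unload, and giving the comment the same wording as the one in ip6fw.diff.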
44,82d31
< ipfw_save()
< {
< # Saves the firewall rules to /var/db/ipfw/$savename
< [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw
< ipfw list | awk '{print "${fwcmd2} " $0 }' > /var/db/ipfw/$savename
< }
<
< ipfw_load()
< {
<
< # Set quiet mode if requested
< case ${firewall_quiet} in
< [Yy][Ee][Ss])
< fwcmd2="/sbin/ipfw -q add"
< ;;
< *)
< fwcmd2="/sbin/ipfw add"
< ;;
< esac
<
< . /var/db/ipfw/$savename
< }
<
< ipfw_unload()
< {
<
< # Set quiet mode if requested
< case ${firewall_quiet} in
< [Yy][Ee][Ss])
< fwcmd2="/sbin/ipfw -q delete"
< ;;
< *)
< fwcmd2="/sbin/ipfw delete"
< ;;
< esac
<
< . /var/db/ipfw/$savename
< }
<
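Review bot: `ipfw_load` and `ipfw_unload` run the save file with `.`, so every line of `/var/db/ipfw/$savename` is interpreted as shell rather than read as rule data, while `ipfw_save` creates the directory with a plain `mkdir` and only afterwards applies `chmod go-rwx`, and writes the file under whatever umask is in effect. Suggest `mkdir -m 700`, a `umask 077` before the redirect, and a check of the file's owner and mode before it is sourced. Separately, for unload the file passes `ipfw delete` the full `ipfw list` line rather than only the rule number; worth confirming that this does what is intended.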
85,92d33
< # Make sure the save file exists if one is specified
< if [ ! -z "$usingsave" ]; then
< if [ ! -f "/var/db/ipfw/$savename" ]; then
< echo "Specified save does not exist"
< exit 1
< fi
< fi
<
97c38
< . "${firewall_script}" $savename
---
> . "${firewall_script}"
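Review bot: `$savename` is passed unquoted as an argument to `.`, and POSIX does not define arguments for the dot command, so whether rc.firewall sees it as `$1` depends on the shell. Since the sourced script runs in the same shell and `savename` is already set, rc.firewall can read the variable directly; if the argument is kept, quote it as `"$savename"`.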
Attachment: rc.firewall.diff (text/x-patch)
146,158d145
<
< [Ss][Aa][Vv][Ee])
< # Gets the name of the save to use.
< if [ ! -z "$1" ]; then
< savename="$1"
< else
< savename="last"
< fi
<
< fwcmd2="${fwcmd} add"
<
< . /var/db/ipfw/$savename
< ;;
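Review bot: this branch takes `$1` as the save name and sources `/var/db/ipfw/$savename` with no check that the name is a plain file name or that the file exists, so the existence test added in rc.d/ipfw does not protect this path when rc.firewall is reached another way. Suggest repeating the validation here, or doing it in one shared place that both scripts use, and quoting the path in the `.` line.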
Attachment: rc.firewall6.diff (text/x-patch)
108,120d107
< [Ss][Aa][Vv][Ee])
< # Gets the name of the save to use.
< if [ ! -z "$1" ]; then
< savename="$1"
< else
< savename="last"
< fi
<
< fw6cmd2="${fw6cmd} add"
<
< . /var/db/ipfw/$savename.6
< ;;
<
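Review bot: the new `[Ss][Aa][Vv][Ee])` branch is labelled "save" but what it does is load rules (`fw6cmd2="${fw6cmd} add"` followed by sourcing the file), which is easy to confuse with the `save` command added to rc.d/ip6fw. Suggest a label that says it loads a saved set, and a comment in the script header documenting the new type alongside the existing ones.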