Firewall rules in a directory
Date: Tue, 30 Aug 2022 04:36:32 UTC
All,

At the day job, we’ve taken to putting our ipfw rules into a directory using rcorder’able files. This way, each of our Puppet manifests can drop its own rules into place without having to manage a monolithic file.

It’s a simple patch to rc.firewall, where if you set firewall_type to a file, it just runs it, but if it’s a directory, it would treat it as such:

    *)
        if [ -r "${firewall_type}" ]; then
            if [ -f "${firewall_type}" ]; then
                ${fwcmd} ${firewall_flags} ${firewall_type}
            elif [ -d "${firewall_type}" ]; then
                # Directory: load each file in rcorder dependency order
                for fwfile in `rcorder $firewall_type/*`
                do
                    ipfw -q $fwfile;
                done
            fi
        fi

Is there a possibility of getting this into base?

-Dan
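Because every file in such a directory is handed to ipfw as root, a loader can first check that the directory and each fragment are root-owned regular files that group and others cannot write. The following is an added example, not part of the original message or of rc.firewall; FW_OWNER, FWCMD and the fw_* function names are hypothetical, and /sbin/ipfw is an assumed path.

```shell
#!/bin/sh
# Added example: vet a rules directory before loading it the way the patch does.
# FW_OWNER, FWCMD and the fw_* function names are hypothetical.
FW_OWNER="${FW_OWNER:-root}"    # who must own the directory and every fragment
FWCMD="${FWCMD:-/sbin/ipfw}"    # assumed ipfw path

# fw_path_ok PATH TYPE: true only if PATH is of TYPE (f or d) and not a
# symlink, is owned by FW_OWNER, and is not writable by group or others.
fw_path_ok() {
    [ -n "$(find "$1" -prune -type "$2" -user "$FW_OWNER" \
        ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# fw_vetted_files DIR: print the fragments that pass, one per line.
# Returns 1 if DIR itself or any entry in it fails the check.
fw_vetted_files() {
    fw_path_ok "$1" d || { echo "refusing $1: bad type, owner or mode" >&2; return 1; }
    rc=0
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # unmatched glob in an empty dir
        if fw_path_ok "$f" f; then
            echo "$f"
        else
            echo "rejecting $f: bad type, owner or mode" >&2
            rc=1
        fi
    done
    return "$rc"
}

# fw_load_dir DIR: load nothing unless every entry passes, then feed the
# fragments to ipfw in rcorder order, as the loop in the message does.
fw_load_dir() {
    files=$(fw_vetted_files "$1") || return 1
    [ -n "$files" ] || return 0
    # Unquoted on purpose: one path per word, so names with whitespace are unsupported.
    for fwfile in $(rcorder $files); do
        "$FWCMD" -q "$fwfile" || return 1
    done
}
```

fw_load_dir returns non-zero without invoking ipfw when any entry is rejected, so the caller decides whether to fall back to another ruleset.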