Re: Firewall rules in a directory
Date: Tue, 30 Aug 2022 04:40:34 UTC
Note, this wasn’t intended to be “here’s a diff, please put it in”, just an illustration of how trivial an addition it is.
> On Aug 29, 2022, at 9:36 PM, Dan Mahoney (Ports) <freebsd@gushi.org> wrote:
>
> All,
>
> At the dayjob, we’ve taken to putting our ipfw rules into a directory using rcorder’able files. This way, each of our puppet manifests can drop its own rules into place without having to manage a monolithic file.
>
> It’s a simple patch to rc.firewall, where if you set firewall_type to a file, it just runs it, but if it’s a directory, it would treat it as such:
>
>     *)
>         if [ -r "${firewall_type}" ]; then
>             if [ -f "${firewall_type}" ]; then
>                 # Single rules file: load it as before.
>                 ${fwcmd} ${firewall_flags} ${firewall_type}
>             elif [ -d "${firewall_type}" ]; then
>                 # Directory: load each rules file in rcorder(8) order.
>                 for fwfile in `rcorder "${firewall_type}"/*`
>                 do
>                     ipfw -q "$fwfile"
>                 done
>             fi
>         fi
>         ;;
>
> Is there a possibility of getting this into base?
>
> -Dan
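
Added example (not part of the original message or of rc.firewall): a hardened variant of the directory loop quoted above. It vets every fragment (regular file, not group/world writable, parses under ipfw -n) before loading any of them, so a syntax error in one fragment does not leave a half-loaded ruleset. load_fw_dir, FWCMD and ORDERCMD are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of rc.firewall. load_fw_dir, FWCMD and ORDERCMD
# are hypothetical names; FWCMD/ORDERCMD can be overridden for testing.

load_fw_dir() {
    dir=$1
    fw=${FWCMD:-/sbin/ipfw}
    order=${ORDERCMD:-rcorder}

    [ -d "$dir" ] || { echo "load_fw_dir: $dir is not a directory" >&2; return 1; }

    # Resolve the order once so both passes work from the same list.
    list=$($order "$dir"/*) || return 1
    [ -n "$list" ] || { echo "load_fw_dir: no rule files in $dir" >&2; return 1; }

    # Pass 1: vet every fragment before the kernel ruleset is touched.
    while IFS= read -r f; do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "load_fw_dir: $f is not a readable regular file" >&2; return 1
        fi
        # Refuse fragments that group or other could have modified.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "load_fw_dir: $f is group/world writable" >&2; return 1
        fi
        # ipfw -n parses the file without passing rules to the kernel.
        $fw -n -q "$f" </dev/null || { echo "load_fw_dir: syntax error in $f" >&2; return 1; }
    done <<EOF
$list
EOF

    # Pass 2: load in order, stopping at the first failure.
    while IFS= read -r f; do
        $fw -q "$f" </dev/null || { echo "load_fw_dir: failed loading $f" >&2; return 1; }
    done <<EOF
$list
EOF
}
```

The directory itself should also be writable only by root, since anyone who can create files in it can add rules.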