bin/58939: dumb little hack for /etc/rc.firewall{,6}

Tue Nov 4 13:40:19 PST 2003

>Number:         58939
>Category:       bin
>Synopsis:       dumb little hack for /etc/rc.firewall{,6}
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 04 13:40:17 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     David Wolfskill
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
Egation Communications
>Environment:
System: FreeBSD frecnocpc2.noc.egation.com 4.9-STABLE FreeBSD 4.9-STABLE #11: Wed Oct 29 14:13:41 PST 2003 root at frecnocpc2.noc.egation.com:/common/S1/obj/usr/src/sys/REPO i386


	Any FreeBSD box where someone wants to use or explore ipfw.
>Description:
	Basic problem is that I sometimes make mistakes that are obvious
	in retrospect.  :-}  So I tend to hack the firewall script with
	which I start to add at "-t" flag, which prefixes each command
	with "echo".  That way, when it's run with "-t", I can see
	what ipfw (or ip6fw) commands will be executed.

	Basically, I thought that this might be useful to others.  And
	yeah, I got tired of hacking it in myself each time.  :-}

	If all else fails, consider it a teaching aid.  :-)
>How-To-Repeat:
	N/A
>Fix:
	Here you go.  I haven't actually used the rc.firewall6, but
	after hacking it, I did verify that I could make it spit
	out commands (and that they even looked plausible).

	Oh -- sorry; I don't have immediate access to a powered-on
	-CURRENT box right now.  The below ought to work just fine in
	-CURRENT, though.

	And my feelings won't be hurt if you use a different way to
	cause the "test" invocation.  "-t" just seemed mnemonic to me.
	Season to taste; serve when done well.

Index: rc.firewall
===================================================================
RCS file: /cvs/freebsd/src/etc/rc.firewall,v
retrieving revision 1.30.2.16
diff -u -r1.30.2.16 rc.firewall

--- rc.firewall	10 Feb 2003 05:45:06 -0000	1.30.2.16
+++ rc.firewall	4 Nov 2003 21:09:05 -0000
@@ -40,6 +40,11 @@
 	fi
 fi
 
+if [ "x$1" = "x-t" ]; then
+	firewall_test="YES"
+	shift
+fi
+
 ############
 # Define the firewall type in /etc/rc.conf.  Valid values are:
 #   open     - will allow anyone in
@@ -99,6 +104,14 @@
 	;;
 *)
 	fwcmd="/sbin/ipfw"
+	;;
+esac
+
+case ${firewall_test} in
+[Yy][Ee][Ss])
+	fwcmd="echo ${fwcmd}"
+	;;
+*)
 	;;
 esac
 
Index: rc.firewall6
===================================================================
RCS file: /cvs/freebsd/src/etc/rc.firewall6,v
retrieving revision 1.1.2.11
diff -u -r1.1.2.11 rc.firewall6
--- rc.firewall6	10 Feb 2003 05:45:06 -0000	1.1.2.11
+++ rc.firewall6	4 Nov 2003 21:18:34 -0000
@@ -13,6 +13,11 @@
 	fi
 fi
 
+if [ "x$1" = "x-t" ]; then
+	firewall_test="YES"
+	shift
+fi
+
 ############
 # Define the firewall type in /etc/rc.conf.  Valid values are:
 #   open     - will allow anyone in
@@ -78,6 +83,14 @@
 	;;
 *)
 	fw6cmd="/sbin/ip6fw"
+	;;
+esac
+
+case ${firewall_test} in
+[Yy][Ee][Ss])
+	fw6cmd="echo ${fw6cmd}"
+	;;
+*)
 	;;
 esac
 
>Release-Note:
>Audit-Trail:
>Unformatted:
