bin/58939: dumb little hack for /etc/rc.firewall{,6}
David Wolfskill
david at mail.egation.com
Tue Nov 4 13:40:19 PST 2003
>Number: 58939
>Category: bin
>Synopsis: dumb little hack for /etc/rc.firewall{,6}
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 04 13:40:17 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: David Wolfskill
>Release: FreeBSD 4.9-STABLE i386
>Organization:
Egation Communications
>Environment:
System: FreeBSD frecnocpc2.noc.egation.com 4.9-STABLE FreeBSD 4.9-STABLE #11: Wed Oct 29 14:13:41 PST 2003 root at frecnocpc2.noc.egation.com:/common/S1/obj/usr/src/sys/REPO i386
Any FreeBSD box where someone wants to use or explore ipfw.
>Description:
Basic problem is that I sometimes make mistakes that are obvious
in retrospect. :-} So I tend to hack the firewall script with
which I start to add a "-t" flag, which prefixes each command
with "echo". That way, when it's run with "-t", I can see
what ipfw (or ip6fw) commands will be executed.
Basically, I thought that this might be useful to others. And
yeah, I got tired of hacking it in myself each time. :-}
If all else fails, consider it a teaching aid. :-)
>How-To-Repeat:
N/A
>Fix:
Here you go. I haven't actually used the rc.firewall6, but
after hacking it, I did verify that I could make it spit
out commands (and that they even looked plausible).
Oh -- sorry; I don't have immediate access to a powered-on
-CURRENT box right now. The below ought to work just fine in
-CURRENT, though.
And my feelings won't be hurt if you use a different way to
cause the "test" invocation. "-t" just seemed mnemonic to me.
Season to taste; serve when done well.
Index: rc.firewall
===================================================================
RCS file: /cvs/freebsd/src/etc/rc.firewall,v
retrieving revision 1.30.2.16
diff -u -r1.30.2.16 rc.firewall
--- rc.firewall 10 Feb 2003 05:45:06 -0000 1.30.2.16
+++ rc.firewall 4 Nov 2003 21:09:05 -0000
@@ -40,6 +40,11 @@
fi
fi
+if [ "x$1" = "x-t" ]; then
+ firewall_test="YES"
+ shift
+fi
+
############
# Define the firewall type in /etc/rc.conf. Valid values are:
# open - will allow anyone in
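Review bot: firewall_test is only ever assigned inside the new if, so when "-t" is absent it keeps whatever value it already had, whether from the environment or from anything sourced above this point. For a script that loads firewall rules that matters: a stray firewall_test=YES would make a normal run print the rules instead of installing them. Set firewall_test="NO" just before the if so that only an explicit "-t" selects test mode. The comment block that follows the hunk would also be a natural place to document the flag.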
@@ -99,6 +104,14 @@
;;
*)
fwcmd="/sbin/ipfw"
+ ;;
+esac
+
+case ${firewall_test} in
+[Yy][Ee][Ss])
+ fwcmd="echo ${fwcmd}"
+ ;;
+*)
;;
esac
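Review bot: in the [Yy][Ee][Ss] arm, fwcmd="echo ${fwcmd}" only neutralizes commands that are invoked through ${fwcmd}; anything the script runs directly stays live under "-t". Either audit the rest of the script for such calls or state in a comment that test mode covers ${fwcmd} invocations only. The echoed lines also pass through word splitting, so arguments that were quoted in the script are printed without their quotes and the output is not guaranteed to be re-runnable verbatim.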
Index: rc.firewall6
===================================================================
RCS file: /cvs/freebsd/src/etc/rc.firewall6,v
retrieving revision 1.1.2.11
diff -u -r1.1.2.11 rc.firewall6
--- rc.firewall6 10 Feb 2003 05:45:06 -0000 1.1.2.11
+++ rc.firewall6 4 Nov 2003 21:18:34 -0000
@@ -13,6 +13,11 @@
fi
fi
+if [ "x$1" = "x-t" ]; then
+ firewall_test="YES"
+ shift
+fi
+
############
# Define the firewall type in /etc/rc.conf. Valid values are:
# open - will allow anyone in
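Review bot: this test sets the same variable name, firewall_test, as the rc.firewall hunk and likewise never clears it. If both scripts are sourced into the same shell, a "-t" given to rc.firewall leaves rc.firewall6 printing its rules instead of loading them, even though it was not asked to. Reset the variable before the if, or use a per-script name (for example firewall6_test, a suggested name) so the two test modes cannot leak into each other.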
@@ -78,6 +83,14 @@
;;
*)
fw6cmd="/sbin/ip6fw"
+ ;;
+esac
+
+case ${firewall_test} in
+[Yy][Ee][Ss])
+ fw6cmd="echo ${fw6cmd}"
+ ;;
+*)
;;
esac
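Review bot: the new case matches [Yy][Ee][Ss], the pattern used for rc.conf-style knobs, but the only assignment in this patch is the literal "YES" from the "-t" branch, and the "*)" arm is empty. If firewall_test is meant to be settable from configuration, say so in a comment next to the case; otherwise a plain if [ "${firewall_test}" = "YES" ] is shorter and makes it clear that "-t" is the only way into test mode.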
>Release-Note:
>Audit-Trail:
>Unformatted: