IPFW script that supports some kind of rc.d directory?

Shane Ambler FreeBSD at ShaneWare.Biz
Sun Feb 8 05:19:59 UTC 2015


On 07/02/2015 21:14, Arthur Chance wrote:
> On 07/02/2015 10:02, Dan Mahoney, System Admin wrote:
>> Hey all,
>>
>> This seems like the kind of thing that people have needed often enough
>> -- for example when you want to have specific ipfw rules for specific
>> installed services, and your ipfw config to be multiple files loaded in
>> some kind of order, but my google-fu is failing me.
>>
>> Failing that, I know FreeBSD has some rcorder, which might be usable for
>> this, but I don't know if it's extensible to a whole separate class of
>> things (or if trying to do that is overkill).
>>
>> Is this a problem someone else has had/solved before?
>>
>
> I've no idea if someone has already done this, but the final form of
> ipfw in the manual is
>
> ipfw [-cfnNqS] [-p preproc [preproc-flags]] pathname
>
> Using cpp as the preprocessor (or maybe m4 if you're a quote loving
> masochist :-) would let you use #include or the equivalent. That's not
> quite what you're asking, but a start. m4 with syscmd and (s)include
> would go further.
>
> I think the major problem would be if different sets of rules had to be
> interleaved. That would require a careful choice of rule numbering.
>

In /etc/rc.conf you can specify firewall_script="/etc/rc.firewall"
- rc.firewall is the system example of ipfw setup.

As /etc/rc.firewall is a shell script you can pull in any other files
you want. The example includes /etc/defaults/rc.conf and /etc/rc.conf
to get variables that it uses. You could set up yours to ls a specific
dir and suck up all the files in it.


-- 
FreeBSD - the place to B...Software Developing

Shane Ambler
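
The approach described in the reply above, as an added example that is not part of the original post and is not FreeBSD's rc.firewall: a firewall_script that sources rule fragments from a directory in lexical order. The directory /usr/local/etc/ipfw.d, the .rules suffix and the function name load_fw_fragments are assumptions made for illustration; because every fragment runs as root, files with the wrong owner or with group/world write permission are skipped.

```sh
#!/bin/sh
# Added example of a firewall_script; not FreeBSD's rc.firewall.
# Hypothetical names: /usr/local/etc/ipfw.d, the .rules suffix,
# load_fw_fragments. fwcmd is the variable name rc.firewall itself uses.
fwcmd="${fwcmd:-/sbin/ipfw -q}"
fw_rules_dir="${fw_rules_dir:-/usr/local/etc/ipfw.d}"

# Source each NN-name.rules fragment in lexical (glob) order and count
# them in $loaded. Fragments execute as root, so only regular files owned
# by the invoking user (root at boot) with no group/world write bit load.
load_fw_fragments() {
    dir=$1
    loaded=0
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skipping $f: not a regular file" >&2
            continue
        fi
        # find prints the path only if owner and mode are acceptable
        ok=$(find "$f" -prune -user "$(id -u)" ! -perm -020 ! -perm -002)
        if [ -z "$ok" ]; then
            echo "skipping $f: bad owner or group/world writable" >&2
            continue
        fi
        . "$f" || { echo "error in $f" >&2; return 1; }
        loaded=$((loaded + 1))
    done
    return 0
}

# A fragment is plain sh, e.g. 20-ssh.rules (constructed sample):
#   ${fwcmd} add 2000 allow tcp from any to me 22 setup
# Explicit rule numbers keep interleaving independent of file order.

if [ -d "$fw_rules_dir" ]; then
    ${fwcmd} -f flush
    load_fw_fragments "$fw_rules_dir"
fi
```

Setting firewall_script in /etc/rc.conf to the path where this file is saved makes it run in place of /etc/rc.firewall.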