Two pf questions

Wayne Sierke ws at au.dyndns.ws
Wed Mar 29 02:44:24 UTC 2017


On Tue, 2017-03-28 at 20:29 +0200, Ralf Mardorf via freebsd-questions
wrote:
> Hi,
> 
> While I won't add such an exit status loop as I mentioned in an earlier
> reply, I would still be careful with file names in /tmp and also
> consider making the commands of a "command chain" conditional on the
> preceding commands.
> 
> Instead of
> 
>   cp /etc/pf/bruteforce /tmp/foobar.txt
>   pfctl -t bruteforce -T show >> /tmp/foobar.txt
>   sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
> 
> I would use something similar to
> 
>   tmp_suffix="-$$-$(mcookie)"
>   cp /etc/pf/bruteforce /tmp/bruteforce$tmp_suffix && \
>   pfctl -t bruteforce -T show >> /tmp/bruteforce$tmp_suffix && \
>   sort -u -n /tmp/bruteforce$tmp_suffix > /etc/pf/bruteforce
> 
> I wouldn't use $$ and $(mcookie) together, perhaps just $(mcookie) or $$
> plus the date and time including seconds or something else unique or
> at least add "$(id -u)" to the PID. "-$$-$(mcookie)" is just an example,
> as "foobar.txt" was just an example, too.
> 
> Regards,
> Ralf

Is there any reason that mktemp(1) is not adequate here, or not
desirable?

Perhaps this:

bf_temp=`mktemp -t bruteforce.`
cp /etc/pf/bruteforce ${bf_temp} ...
etc.
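
The mktemp(1) approach from this thread, combined with the conditional chain, as an added example that is not part of either message. The function name merge_table, the explicit mktemp template, the second temporary file beside the target and the plain "sort -u" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: merge_table FILE [CMD ...]
# CMD prints the live table entries; it defaults to the pfctl call quoted above.
merge_table() {
    persist=$1
    shift
    [ "$#" -gt 0 ] || set -- pfctl -t bruteforce -T show

    # mktemp(1) creates each file exclusively, mode 0600, with a random
    # suffix, so a name pre-planted in /tmp cannot be followed or reused.
    # An explicit template is used because "-t prefix" behaves differently
    # in FreeBSD and GNU mktemp.
    work=$(mktemp "${TMPDIR:-/tmp}/bruteforce.XXXXXXXXXX") || return 1
    # Second temp file beside the target, so the final mv is a rename on
    # the same filesystem. The persist file ends up with mode 0600.
    new=$(mktemp "${persist}.XXXXXXXXXX") || { rm -f "$work"; return 1; }

    # Each step runs only if the previous one succeeded. Leading blanks
    # are stripped and plain "sort -u" is used (an assumption of this
    # example) so that entries are compared as whole strings.
    if cp "$persist" "$work" &&
       "$@" >> "$work" &&
       sed 's/^[[:space:]]*//' "$work" | sort -u > "$new" &&
       mv -f "$new" "$persist"
    then
        rc=0
    else
        rc=1
    fi
    rm -f "$work" "$new"
    return "$rc"
}
```

If the table dump or any other step fails, the persist file is left as it was and both temporary files are removed.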

