svn commit: r273201 - head/etc

Hiroki Sato hrs at FreeBSD.org
Fri Oct 17 00:31:52 UTC 2014


Author: hrs
Date: Fri Oct 17 00:31:51 2014
New Revision: 273201
URL: https://svnweb.freebsd.org/changeset/base/273201

Log:
  Add support for a "/{udp,tcp,proto}" suffix to $firewall_myservices, which
  previously interpreted the listed items as port numbers of TCP services.
  
  A service with no suffix still works and is recognized as a TCP service for
  backward compatibility.  It should be updated with a /tcp suffix.
  
  PR:		194292
  MFC after:	1 week

Modified:
  head/etc/rc.firewall

Modified: head/etc/rc.firewall
==============================================================================
--- head/etc/rc.firewall	Fri Oct 17 00:05:31 2014	(r273200)
+++ head/etc/rc.firewall	Fri Oct 17 00:31:51 2014	(r273201)
@@ -422,8 +422,8 @@ case ${firewall_type} in
 
 [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
 	# Configuration:
-	#  firewall_myservices:		List of TCP ports on which this host
-	#			 	 offers services.
+	#  firewall_myservices:		List of ports/protocols on which this
+	#				 host offers services.
 	#  firewall_allowservices:	List of IPv4 and/or IPv6 addresses
 	#				 that have access to
 	#				 $firewall_myservices.
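Review bot: The reworded description of firewall_myservices says "ports/protocols" but does not list the accepted forms, so a reader of this comment block cannot tell that the loop further down expects `port/tcp`, `port/udp` or `name/proto`. The `/proto` form deserves explicit mention because the rule it produces has no port qualifier, so it passes that whole IP protocol from every address in firewall_allowservices. I would add a line such as `#  Entries: port/tcp, port/udp, or name/proto (entire IP protocol, no port filter); a bare port is treated as tcp.` The comment block continues outside this hunk.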
@@ -487,7 +487,24 @@ case ${firewall_type} in
 	#
 	for i in ${firewall_allowservices} ; do
 	  for j in ${firewall_myservices} ; do
-	    ${fwcmd} add pass tcp from $i to me $j
+	    case $j in
+	    [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo])
+	      ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me
+	    ;;
+	    [0-9A-Za-z]*/[Tt][Cc][Pp])
+	      ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]}
+	    ;;
+	    [0-9A-Za-z]*/[Uu][Dd][Pp])
+	      ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]}
+	    ;;
+	    *[0-9A-Za-z])
+	      echo "Consider using tcp/$j in firewall_myservices." > /dev/stderr
+	      ${fwcmd} add pass tcp from $i to me $j
+	    ;;
+	    *)
+	      echo "Invalid port in firewall_myservices: $j" > /dev/stderr
+	    ;;
+	    esac
 	  done
 	done
 
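Review bot: The hint in the bare-port arm prints `tcp/$j`, but the arms above accept the suffix form, so it should read `echo "Consider using $j/tcp in firewall_myservices." > /dev/stderr`. An admin who follows the current hint and writes a value like tcp/80 (constructed example) lands in the same `*[0-9A-Za-z])` arm, because that pattern matches any entry ending in an alphanumeric, including ones with a slash or an unrecognised suffix. Such a value is then passed to ${fwcmd} as a TCP port and the "Invalid port" arm is never reached; presumably ipfw rejects it, but the script's own diagnostic is lost. Placing `*/*) echo "Invalid port in firewall_myservices: $j" > /dev/stderr ;;` ahead of the bare-port arm would reject unknown suffixes explicitly. The enclosing case on firewall_type starts and ends outside the hunk.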

