Date: Sun, 12 Mar 2006 09:21:39 GMT
From: Vulpes Velox <v.velox@vvelox.net>
To: freebsd-rc@FreeBSD.org
Subject: Re: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
Message-ID: <200603120921.k2C9Ld1o077144@freefall.freebsd.org>
The following reply was made to PR conf/93815; it has been noted by GNATS.

From: Vulpes Velox <v.velox@vvelox.net>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
Date: Sun, 12 Mar 2006 00:47:33 -0600

--MP_mS8Ucp6Sl2z5XmLbi.CVHUX
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thu, 9 Mar 2006 14:16:37 +0200
Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:

> On 2006-03-08 22:23, Vulpes Velox <v.velox@vvelox.net> wrote:
> > Cool. I like that idea for the savedir. I am somewhat mixed
> > about making it longer, but I see the point in making it more
> > readable though.
> > [...]
> > I will have the new patch set pr submitted tomorrow.
>
> Note that the patch still has to be reviewed by one of our rc.d
> experts, but thank you for considering to make the changes to match
> some of my suggestions. Keep the good work up :)))
>

Made a few more changes. I just got thinking of the idea of
eliminating rc.firewall and rc.firewall6 entirely. Will be sending in
another patch set shortly.

This set includes load and unload. This will load or unload a set of
rules. This will unload or load a save, without flushing.

I have also added a new variable. fwcmd2. This is like fwcmd in
rc.firewall, but has add/delete added to it depending on what it is
doing.

BTW is there any good reason this is included in
rc.firewall/rc.firewall6 instead of ipfw/ip6fw?

############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
	fwcmd="/sbin/ipfw -q"
	;;
*)
	fwcmd="/sbin/ipfw"
	;;
esac

I see there being no problem moving that into ipfw.

--MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=ip6fw.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=ip6fw.diff 18,29d17 < extra_commands="save load unload" < save_cmd="ipfw_save" < load_cmd="ipfw_load" < unload_cmd="ipfw_unload" < < # Gets the name of the save to use. < if [ ! -z "$2" ]; then < savename="$2" < usingsave="yes" < else < savename="last" < fi 44,82d31 < ipfw_save() < { < # Saves the firewall rules to /var/db/ipfw/$savename < [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw < ipfw list | awk '{print "${fw6cmd2} " $0 }' > /var/db/ipfw/$savename.6 < } < < ipfw_load() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q add" < ;; < *) < fwcmd2="/sbin/ipfw add" < ;; < esac < < . /var/db/ipfw/$savename.6 < } < < ipfw_unload() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q delete" < ;; < *) < fwcmd2="/sbin/ipfw delete" < ;; < esac < < . /var/db/ipfw/$savename.6 < } < 85,92d33 < # Make sure the save file exists if one is specified. < if [ ! -z "$usingsave" ]; then < if [ ! -f "/var/db/ipfw/$savename.6" ]; then < echo "Specified save does not exist" < exit 1 < fi < fi < 101c42 < . "${ipv6_firewall_script}" $savename --- > . "${ipv6_firewall_script}" --MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=ipfw.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=ipfw.diff 19,30d18 < extra_commands="save load unload" < save_cmd="ipfw_save" < load_cmd="ipfw_load" < unload_cmd="ipfw_unload" < < #gets the name of the save to use < if [ ! -z "$2" ]; then < savename="$2" < usingsave="yes" < else < savename="last" < fi 44,82d31 < ipfw_save() < { < # Saves the firewall rules to /var/db/ipfw/$savename < [ ! 
-d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw < ipfw list | awk '{print "${fwcmd2} " $0 }' > /var/db/ipfw/$savename < } < < ipfw_load() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q add" < ;; < *) < fwcmd2="/sbin/ipfw add" < ;; < esac < < . /var/db/ipfw/$savename < } < < ipfw_unload() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q delete" < ;; < *) < fwcmd2="/sbin/ipfw delete" < ;; < esac < < . /var/db/ipfw/$savename < } < 85,92d33 < # Make sure the save file exists if one is specified < if [ ! -z "$usingsave" ]; then < if [ ! -f "/var/db/ipfw/$savename" ]; then < echo "Specified save does not exist" < exit 1 < fi < fi < 97c38 < . "${firewall_script}" $savename --- > . "${firewall_script}" --MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=rc.firewall.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall.diff 146,158d145 < < [Ss][Aa][Vv][Ee]) < # Gets the name of the save to use. < if [ ! -z "$1" ]; then < savename="$1" < else < savename="last" < fi < < fwcmd2="${fwcmd} add" < < . /var/db/ipfw/$savename < ;; --MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=rc.firewall6.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall6.diff 108,120d107 < [Ss][Aa][Vv][Ee]) < # Gets the name of the save to use. < if [ ! -z "$1" ]; then < savename="$1" < else < savename="last" < fi < < fw6cmd2="${fw6cmd} add" < < . /var/db/ipfw/$savename.6 < ;; < --MP_mS8Ucp6Sl2z5XmLbi.CVHUX--
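Review bot: In the first hunk of ip6fw.diff (18,29d17) and its twin in ipfw.diff (19,30d18), savename="$2" is taken from the command line without any validation and is later interpolated into /var/db/ipfw/$savename and sourced with ".". A name containing "/" or ".." resolves outside the save directory, and whatever file it lands on is executed as shell by the rc script. Restrict the name to a safe character set before using it, for example a case pattern that rejects anything outside [A-Za-z0-9._-], and quote every later expansion of it. As a style point, [ -n "$2" ] reads better than [ ! -z "$2" ].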
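Review bot: In the 44,82d31 hunk of ip6fw.diff the variable names do not match: ipfw_save writes the literal text ${fw6cmd2} in front of every rule, but ipfw_load and ipfw_unload set fwcmd2, so when the .6 file is sourced ${fw6cmd2} expands to nothing and each line is run with the rule number as the command name. The same hunk also calls "ipfw list" and "/sbin/ipfw add" inside the ip6fw script, so the .6 save is built from the IPv4 rule set and replayed through the IPv4 tool. Set fw6cmd2 in load and unload, and use the IPv6 command consistently for save, load and unload.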
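Review bot: In the 44,82d31 hunk of ipfw.diff, the "[ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw" line only tightens permissions when the script itself creates the directory; an existing /var/db/ipfw is trusted whatever its owner and mode, and the save file is written with the default umask. Since ipfw_load and ipfw_unload execute that file with ".", the directory and file should be checked or forced to root-owned and mode 0700/0600 on every save (mkdir -m 0700, umask 077 around the redirect), and "$savename" should be quoted in the redirect and in both ". /var/db/ipfw/$savename" lines. It is also worth confirming that the unload path works as intended: each saved line carries the full "ipfw list" rule text, so unload runs "delete" followed by the rule number and the rule body.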
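Review bot: In the 85,92d33 hunks of ipfw.diff and ip6fw.diff, the existence test is skipped whenever usingsave is unset, so the default save name "last" is never checked, and ipfw_load and ipfw_unload source the file with no test of their own. Move the check into a helper that load and unload call unconditionally, test with -r as well as -f, and send the message to stderr. Consider returning a failure status through the rc.subr error helpers instead of a bare "exit 1".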
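Review bot: In the 101c42 hunk of ip6fw.diff and the 97c38 hunk of ipfw.diff, passing $savename as an argument to "." is not portable: POSIX defines only ". file", and whether the sourced script sees the extra word as $1 depends on the shell. A sourced script already shares the caller's variables, so rc.firewall and rc.firewall6 can read savename directly, which also removes the unquoted $savename here. Separately, the new line sits on the "<" side of these hunks, which means the diffs were generated from the patched file to the original; please regenerate them in the other direction, preferably as unified diffs, so they apply with patch as submitted.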
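Review bot: In the rc.firewall.diff hunk (146,158d145) and the rc.firewall6.diff hunk (108,120d107), the new [Ss][Aa][Vv][Ee]) branch sources /var/db/ipfw/$savename with no existence check and no quoting, and it repeats the "$1 or last" defaulting already done in rc.d/ipfw. If the save file is missing, "." fails in the middle of firewall setup. Guard the source with a -r test that logs and falls back to a defined rule set, quote the path, and take the name from the savename variable set by the caller instead of re-deriving it from $1.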