Date: Mon, 03 Jan 2005 22:34:11 +0100
From: Erik Norgaard
To: Eric F Crist
Cc: Timothy Luoma
Cc: FreeBSD-Questions Questions
Subject: Re: my lame attempt at a shell script...

Eric F Crist wrote:
> elif [ "$grog_firewall_enable" <> "YES" or "NO" ]
> then
>     echo "Syntax error in /etc/rc.conf file. grog_firewall_enable
> must be YES or NO"
> fi

I don't know if you're on 5.x, nor whether you use ipfw, ipfilter or pf - I wrote a replacement for ipfilter as I got dizzy trying to maintain a too long ruleset so I wanted to split it into multiple files. On 5.x things get a lot simpler.
In /etc/rc.d there are plenty of scripts to look at - don't look at rc.firewall. The scripts in /etc/rc.d are executed as ordered by rcorder(8).

Create your script and load rc.subr:

    . /etc/rc.subr

which gives you a lot of predefined handy functions. Set the "name" variable in the script, e.g.:

    name="grog"    # Name of my firewall script

It is customary to call the script the same. Follow with

    load_rc_config $name

Most scripts then just include the line

    run_rc_command "$1"

- everything is defined by the functions in rc.subr. Now, you can set the commands to be run and define them in your script, see e.g. ipfilter.

rc.subr also contains a "checkyesno" function answering your question above - however, it is normal to check "[Yy][Ee][Ss]" and treat everything else as a no. After all, what are you gonna do if you only accept "yes" or "no" but someone typed "yeah right"? You must have a default action.

Since your script isn't default, maybe don't add default settings to /etc/defaults/rc.conf. Instead variables can have defaults, e.g.:

    ${ipfilter_program:-/sbin/ipf}

will use /sbin/ipf unless the ipfilter_program variable is set.

Finally, don't use bash, use /bin/sh and nothing else, you don't know if bash is available when your script runs.

Regarding your script, which I got deleted from this mail (sorry), I think there is an error:

> if [ "$grog_firewall_enable" = "YES" ]

this "=" is assignment and will always evaluate to true. You want

    if [ "$grog_firewall_enable" -eq "YES" ]

I'm not sure if "==" works, but always be careful you're not using assignment in if-statements.

Cheers, Erik

-- 
Ph: +34.666334818                      web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
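
Added example (not part of the mail above and not FreeBSD's rc.subr code): a stand-alone /bin/sh rendering of the yes/no handling the mail discusses, combining [Yy][Ee][Ss]-style pattern matching, a ${var:-default} fallback and a defined default action for values such as "yeah right". It does not source /etc/rc.subr; classify_yesno and firewall_enabled are hypothetical names and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not code from the original mail. Function names are
# hypothetical; only grog_firewall_enable comes from the thread.

# classify_yesno VALUE
# Prints "yes", "no" or "invalid". Matching uses case patterns, so any
# capitalisation of yes/no is accepted and the value is never evaluated.
classify_yesno() {
    case "$1" in
        [Yy][Ee][Ss]) echo yes ;;
        [Nn][Oo])     echo no ;;
        *)            echo invalid ;;
    esac
}

# firewall_enabled
# Returns 0 only for an explicit yes. An unset or empty variable falls
# back to NO via ${var:-default}; an unrecognised value is reported on
# stderr and treated as no, so there is always a defined default action.
firewall_enabled() {
    _value="${grog_firewall_enable:-NO}"
    case "$(classify_yesno "$_value")" in
        yes) return 0 ;;
        no)  return 1 ;;
        *)
            echo "rc.conf: grog_firewall_enable must be YES or NO, got '$_value'" >&2
            return 1
            ;;
    esac
}

# Constructed sample values, as they might be set in /etc/rc.conf.
for sample in YES yes No "yeah right" ""; do
    grog_firewall_enable="$sample"
    if firewall_enabled; then state=enabled; else state=disabled; fi
    printf '%-14s -> %s\n' "'$sample'" "$state"
done
```

Only the first two samples report "enabled"; the mistyped value produces the warning and is handled as a no.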