Date:      Mon, 03 Jan 2005 22:34:11 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        Eric F Crist <ecrist@secure-computing.net>
Cc:        FreeBSD-Questions Questions <freebsd-questions@freebsd.org>
Subject:   Re: my lame attempt at a shell script...
Message-ID:  <41D9BA53.4060105@locolomo.org>
In-Reply-To: <F0BE3E23-5DC8-11D9-B56F-000D9333E43C@secure-computing.net>
References:  <06DDB71C-5DB4-11D9-B56F-000D9333E43C@secure-computing.net> <15416223037.20050103193803@hexren.net> <6074EB8D-5DC6-11D9-89A5-000D93AD26C8@tntluoma.com> <F0BE3E23-5DC8-11D9-B56F-000D9333E43C@secure-computing.net>

Eric F Crist wrote:

> elif [ "$grog_firewall_enable" <> "YES" or "NO" ]
> then
>         echo "Syntax error in /etc/rc.conf file. grog_firewall_enable 
> must be YES or NO"
> fi

I don't know if you're on 5.x, nor whether you use ipfw, ipfilter or pf 
- I wrote a replacement for ipfilter as I got dizzy trying to maintain a 
too long ruleset so I wanted to split it into multiple files.

On 5.x things get a lot simpler. In /etc/rc.d there are plenty of 
scripts to look at - don't look at rc.firewall.

The scripts in /etc/rc.d are executed as ordered by rcorder(8).

Create your script and load rc.subr:

. /etc/rc.subr

which gives you a lot of predefined handy functions. Set the "name" 
variable in the script, eg:

name="grog" # Name of my firewall script

it is customary to call the script the same. Follow by

load_rc_config $name

most scripts then just include the line

run_rc_command "$1"

- everything is defined by the functions in rc.subr. Now, you can set 
the commands to be run and define them in your script, see eg. ipfilter.

rc.subr also contains a "checkyesno" function answering your question 
above - however, it is normal to check "[Yy][Ee][Ss]" and treat 
everything else as a no. After all, what are you gonna do if you only 
accept "yes" or "no" but someone typed "yeah right"? You must have a 
default action.

Since your script isn't default, maybe don't add default settings to 
/etc/defaults/rc.conf. Instead variables can have defaults eg:
${ipfilter_program:-/sbin/ipf} will use /sbin/ipf unless the 
ipfilter_program variable is set.

Finally, don't use bash, use /bin/sh and nothing else, you don't know if 
bash is available when your script runs.

Regarding your script, which I got deleted from this mail (sorry), I 
think there is an error:

 > if [ "$grog_firewall_enable" = "YES" ]

this "=" is assignment and will always evaluate to true. You want

if [ "$grog_firewall_enable" -eq "YES" ]

I'm not sure if "==" works, but always be careful you're not using 
assignment in if-statements.

Cheers, Erik
-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
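
Added example, not part of the mail above and not code from rc.subr: a stand-alone /bin/sh sketch of the yes/no handling and the ${var:-default} idiom the message describes, with unrecognised values falling back to "no". The helper names is_yes and grog_decide and the variable grog_program are hypothetical, and the script deliberately does not source /etc/rc.subr so it also runs off FreeBSD.

```sh
#!/bin/sh
# Added example: is_yes is a hypothetical stand-in for the kind of check
# rc.subr's checkyesno performs; it is not the rc.subr implementation.

# is_yes VALUE
# Return 0 only for "yes" in any letter case. "no" returns 1 silently.
# Anything else (e.g. "yeah right") is warned about on stderr and treated
# as "no", so the script always has a defined default action.
# case matches string patterns, so no test(1) operator is involved
# (in test(1), = compares strings and -eq compares integers).
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        [Nn][Oo])     return 1 ;;
        *)
            echo "warning: expected YES or NO, got '$1'; treating as NO" >&2
            return 1
            ;;
    esac
}

# grog_decide
# Print what the script would do, based on two rc.conf-style variables:
#   grog_firewall_enable  unset or empty falls back to NO
#   grog_program          (hypothetical) unset or empty falls back to /sbin/ipf
grog_decide() {
    if is_yes "${grog_firewall_enable:-NO}"; then
        echo "start ${grog_program:-/sbin/ipf}"
    else
        echo "skip"
    fi
}

# Constructed sample values, including the "yeah right" case from the mail.
for v in YES yes No "yeah right" ""; do
    grog_firewall_enable="$v"
    printf '%-14s -> %s\n' "'$v'" "$(grog_decide)"
done
```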


