Date: Thu, 23 Feb 2006 22:32:15 -0600
From: Vulpes Velox <v.velox@vvelox.net>
To: freebsd-rc@freebsd.org
Subject: Improvements to the ipfw rc scripts.
Message-ID: <20060223223215.40c1945a@vixen42.vulpes>
--MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Here are some patches that add in the ability to save current ipfw rules and recall them. It saves it to /var/db/ipfw/. A save with .6 after it is for ip6fw. By default last is used. A name can be specified as well. ipfw save moose will create /var/db/ipfw/moose. ipfw start moose will start ipfw using /var/db/ipfw/moose. --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.d_ip6fw.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.d_ip6fw.patch 17a18,27 > extra_commands="save" > save_cmd="ipfw_save" > > # Gets the name of the save to use. > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a42,48 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename.6 > } > 33a51,58 > # Make sure the save file exists if one is specified. > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename.6" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 42c67 < . "${ipv6_firewall_script}" --- > . "${ipv6_firewall_script}" $savename --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.d_ipfw.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.d_ipfw.patch 18a19,29 > extra_commands="save" > save_cmd="ipfw_save" > > > #gets the name of the save to use > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a43,49 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename > } > 33a52,59 > # Make sure the save file exists if one is specified > if [ ! 
-z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 38c64 < . "${firewall_script}" --- > . "${firewall_script}" $savename --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.firewall.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall.patch --- /usr/src/etc/rc.firewall Sun Nov 2 07:31:44 2003 +++ /etc/rc.firewall Sun Feb 19 09:08:52 2006 @@ -143,6 +143,17 @@ setup_loopback ${fwcmd} add 65000 pass all from any to any ;; + +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename + ;; [Cc][Ll][Ii][Ee][Nn][Tt]) ############ --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.firewall6.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall6.patch --- /usr/src/etc/rc.firewall6 Sun Dec 4 08:48:05 2005 +++ /etc/rc.firewall6 Sun Feb 19 09:13:20 2006 @@ -105,6 +105,17 @@ ${fw6cmd} add 65000 pass all from any to any ;; +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename.6 + ;; + [Cc][Ll][Ii][Ee][Nn][Tt]) ############ # This is a prototype setup that will protect your system somewhat --MP_y5bXSNKjWDK8OGX5ayeZd2v--
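Review bot: the save name in rc.d_ip6fw.patch hunk 17a18,27 (same code in rc.d_ipfw.patch 18a19,29) comes straight from $2, unquoted and unvalidated, and later ends up in a path that is written to and sourced as root. A name containing "/" or ".." leaves /var/db/ipfw, and a name with whitespace breaks the test itself. Suggest [ -n "$2" ] for the test and rejecting anything that is not a plain file name before assigning savename.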
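Review bot: ipfw_save in rc.d_ip6fw.patch hunk 31a42,48 runs "ipfw list" but writes the result to /var/db/ipfw/$savename.6, so the file meant for ip6fw would hold the IPv4 ruleset. The listing should come from the IPv6 tool (ip6fw list) in this script.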
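Review bot: ipfw_save in rc.d_ipfw.patch hunk 31a43,49 has two file-handling problems. The directory is created with the default mode and only tightened afterwards by chmod go-rwx; mkdir -m 700 /var/db/ipfw closes that window. The "> /var/db/ipfw/$savename" redirect also truncates the previous save before ipfw list has produced anything, so a failed listing leaves an empty file that still passes the later -f test. Writing to a temporary file in the same directory and renaming it on success avoids that, and $savename should be quoted in the redirect target.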
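Review bot: the changed line in rc.d_ipfw.patch hunk 38c64 (and 42c67 in rc.d_ip6fw.patch) passes $savename as an operand to the dot command. POSIX defines "." with a file operand only, so whether $1 inside rc.firewall becomes the save name depends on the shell. Since a sourced file already sees the caller's variables, it is safer to leave the ". "${firewall_script}"" line as it was and have rc.firewall read savename directly.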
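Review bot: the new LAST branch in rc.firewall.patch sources /var/db/ipfw/$savename with no existence test of its own, and the test in the rc.d script only runs when a name was given, so the default "last" is never checked before ". /var/db/ipfw/$savename" runs. Every line of that file is executed as shell code by root. Suggest quoting the path, testing -f and -r in this branch, and refusing to source a file that is not owned by root or is writable by group or other.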
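Review bot: the LAST branch in rc.firewall6.patch sources /var/db/ipfw/$savename.6, but the save function writes every line with a literal "${fwcmd} add " prefix (the awk program is single-quoted, so the shell does not expand it at save time), while the context line in this hunk shows rc.firewall6 using ${fw6cmd}. Unless fwcmd is also set in rc.firewall6, each restored line expands to a bare "add ..." command. The ip6fw save should emit ${fw6cmd} instead.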