Date: Thu, 23 Feb 2006 22:32:15 -0600
From: Vulpes Velox
To: freebsd-rc@freebsd.org
Message-ID: <20060223223215.40c1945a@vixen42.vulpes>
Subject: Improvements to the ipfw rc scripts.

Here are some patches that add in the ability to save current ipfw rules and recall them. It saves it to /var/db/ipfw/. A save with .6 after it is for ip6fw. By default last is used. A name can be specified as well.

ipfw save moose will create /var/db/ipfw/moose.

ipfw start moose will start ipfw using /var/db/ipfw/moose.

--MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.d_ip6fw.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.d_ip6fw.patch 17a18,27 > extra_commands="save" > save_cmd="ipfw_save" > > # Gets the name of the save to use. > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a42,48 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename.6 > } > 33a51,58 > # Make sure the save file exists if one is specified. > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename.6" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 42c67 < . "${ipv6_firewall_script}" --- > . 
"${ipv6_firewall_script}" $savename --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.d_ipfw.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.d_ipfw.patch 18a19,29 > extra_commands="save" > save_cmd="ipfw_save" > > > #gets the name of the save to use > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a43,49 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename > } > 33a52,59 > # Make sure the save file exists if one is specified > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 38c64 < . "${firewall_script}" --- > . "${firewall_script}" $savename --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.firewall.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall.patch --- /usr/src/etc/rc.firewall Sun Nov 2 07:31:44 2003 +++ /etc/rc.firewall Sun Feb 19 09:08:52 2006 @@ -143,6 +143,17 @@ setup_loopback ${fwcmd} add 65000 pass all from any to any ;; + +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename + ;; [Cc][Ll][Ii][Ee][Nn][Tt]) ############ --MP_y5bXSNKjWDK8OGX5ayeZd2v Content-Type: text/x-patch; name=rc.firewall6.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall6.patch --- /usr/src/etc/rc.firewall6 Sun Dec 4 08:48:05 2005 +++ /etc/rc.firewall6 Sun Feb 19 09:13:20 2006 
@@ -105,6 +105,17 @@ ${fw6cmd} add 65000 pass all from any to any ;; +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename.6 + ;; + [Cc][Ll][Ii][Ee][Nn][Tt]) ############ # This is a prototype setup that will protect your system somewhat --MP_y5bXSNKjWDK8OGX5ayeZd2v--
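
Review bot: In the 17a18,27 hunk of rc.d_ip6fw.patch (same code in 18a19,29 of rc.d_ipfw.patch), $2 goes into savename with no validation, and the test [ ! -z $2 ] is unquoted. savename is later appended to /var/db/ipfw/ for both the write in ipfw_save and the read at start, so a name containing / or .. points outside that directory, and a name containing spaces breaks the test itself. Suggest [ -n "$2" ] and refusing any name that is not a plain file name (a case pattern rejecting */* and names that start with a dot would do) before it is used anywhere.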
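
Review bot: In ipfw_save (31a42,48 in rc.d_ip6fw.patch, 31a43,49 in rc.d_ipfw.patch) the awk program is single-quoted, so ${fwcmd} is written to the save file literally rather than expanded, and the file only works when the script that later sources it has fwcmd set. The ip6fw variant also runs ipfw list and writes the output to $savename.6, which stores the IPv4 rule set under the IPv6 name; if the IPv6 rules are intended, the listing command has to be the IPv6 one. Smaller points: mkdir followed by chmod go-rwx leaves the directory at the umask default between the two commands (mkdir -m 700 does it in one step), the redirect target /var/db/ipfw/$savename should be quoted, and because the redirect truncates the file before the pipeline runs, a failed ipfw list destroys an existing save. Writing to a temporary file and renaming it on success avoids that.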
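
Review bot: The check added in 33a51,58 (33a52,59 in rc.d_ipfw.patch) only confirms that the save is a regular file, and it is skipped when no name was given, so a missing default save "last" is not caught here. Because the file is later sourced by a script running as root, it is worth also refusing a file that is not owned by root or that is writable by group or other. [ ! -z $usingsave ] should be quoted, and the error message belongs on stderr.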
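
Review bot: The 42c67 change in rc.d_ip6fw.patch and the 38c64 change in rc.d_ipfw.patch pass $savename as an argument to the . command. POSIX defines no arguments for ., so whether the sourced script sees the name as $1 depends on the shell. The sourced script runs in the same shell and can already read the savename variable, so the argument can be dropped and the variable used directly; if the argument stays, it should be quoted.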
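
Review bot: In the [Ll][Aa][Ss][Tt] branch added to rc.firewall, the line . /var/db/ipfw/$savename executes the save file as shell code with the privileges of rc.firewall, and the path is built from an unquoted, unvalidated $1. Anything that can write to that file or influence the name gets command execution when the firewall starts. Suggest quoting the path, validating the name as a plain file name, and testing that the file exists before sourcing it, since a missing file makes the script fail partway through rule setup. Storing bare rule lines and loading them through ${fwcmd} instead of sourcing them would remove the shell-execution step altogether. The branch also lacks the comment header the other firewall types have, so the new type is undocumented.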
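
Review bot: The [Ll][Aa][Ss][Tt] branch added to rc.firewall6 sources /var/db/ipfw/$savename.6, but the lines ipfw_save writes begin with a literal ${fwcmd}, while this script's command variable is ${fw6cmd} (see the context line ${fw6cmd} add 65000 pass all from any to any above the hunk). Unless fwcmd happens to be set in this shell, each saved line expands to a command named add. The writer and this loader need to agree on one variable. The path here is also unquoted and built from an unvalidated $1, and the file is executed as shell code, so the name should be validated and the file's ownership and mode checked before it is sourced.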