Date: Sat, 25 Feb 2006 04:19:10 GMT
From: Vulpes Velox <v.velox@vvelox.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
Message-ID: <200602250419.k1P4JAWd011525@www.freebsd.org>
Resent-Message-ID: <200602250420.k1P4K3BX053034@freefall.freebsd.org>
>Number: 93815 >Category: conf >Synopsis: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Feb 25 04:20:03 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Vulpes Velox >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD 5.4-STABLE #0: Sun Dec 4 02:26:56 CST 2005 kitsune@vixen42.vulpes:/usr/obj/usr/src/sys/vixen42-1 >Description: This allows ipfw rules to be saved. /var/db/ipfw is used for that. If a name for the save is not specified, last will be used. They can be saved like this... /etc/rc.d/ipfw save <name> They can be recalled like this... /etc/rc.d/ipfw restart <name> firewall_type has to be set to last in rc.conf for starting it with a save, as of currently. >How-To-Repeat: >Fix: --- rc.d_ipfw.patch begins here --- 18a19,29 > extra_commands="save" > save_cmd="ipfw_save" > > > #gets the name of the save to use > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a43,49 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename > } > 33a52,59 > # Make sure the save file exists if one is specified > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 38c64 < . "${firewall_script}" --- > . "${firewall_script}" $savename --- rc.d_ipfw.patch ends here --- --- rc.firewall.patch begins here --- --- /usr/src/etc/rc.firewall Sun Nov 2 07:31:44 2003 +++ /etc/rc.firewall Sun Feb 19 09:08:52 2006 
@@ -143,6 +143,17 @@ setup_loopback ${fwcmd} add 65000 pass all from any to any ;; + +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename + ;; [Cc][Ll][Ii][Ee][Nn][Tt]) ############ --- rc.firewall.patch ends here --- --- rc.d_ip6fw.patch begins here --- 17a18,27 > extra_commands="save" > save_cmd="ipfw_save" > > # Gets the name of the save to use. > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a42,48 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename.6 > } > 33a51,58 > # Make sure the save file exists if one is specified. > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename.6" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 42c67 < . "${ipv6_firewall_script}" --- > . "${ipv6_firewall_script}" $savename --- rc.d_ip6fw.patch ends here --- --- rc.firewall6.patch begins here --- --- /usr/src/etc/rc.firewall6 Sun Dec 4 08:48:05 2005 +++ /etc/rc.firewall6 Sun Feb 19 09:13:20 2006 @@ -105,6 +105,17 @@ ${fw6cmd} add 65000 pass all from any to any ;; +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename.6 + ;; + [Cc][Ll][Ii][Ee][Nn][Tt]) ############ # This is a prototype setup that will protect your system somewhat --- rc.firewall6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
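Review bot: in the rc.d/ipfw hunk at 18a19,29 (and the matching rc.d/ip6fw hunk at 17a18,27), `$2` is tested unquoted and copied into `savename` with no validation, and `savename` is later joined onto `/var/db/ipfw/` for both the write in `ipfw_save` and the `.` in rc.firewall. A name containing `/` or `..` therefore points outside the save directory. Suggest testing with `[ -n "$2" ]` and refusing any name that is not a plain file name (for example, one containing `/`) before it is used.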
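Review bot: in `ipfw_save` (rc.d/ipfw hunk at 31a43,49), the directory is created with `mkdir` and only afterwards tightened with `chmod go-rwx`, and the save file itself is written under whatever umask is in effect. Because rc.firewall later runs this file with `.`, it should never be creatable or writable by anyone but root. Suggest `mkdir -m 700 /var/db/ipfw`, setting `umask 077` before the redirect, and quoting `"/var/db/ipfw/$savename"`. A comment noting that `${fwcmd}` stays literal inside the single-quoted awk program and is only resolved when the file is sourced would also help the next reader.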
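Review bot: in the `[Ll][Aa][Ss][Tt])` case added to rc.firewall, `. /var/db/ipfw/$savename` has no existence check of its own. The check added to rc.d/ipfw at 33a52,59 only runs when `usingsave` is set, so with the default name `last` a missing file reaches the `.` untested. Suggest testing `[ -f "/var/db/ipfw/$savename" ]` inside this case (and in the rc.firewall6 copy, with the `.6` suffix), quoting the path, and using `[ -n "$1" ]` in place of `[ ! -z $1 ]`.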
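Review bot: in `ipfw_save` in the rc.d/ip6fw hunk at 31a42,48, the rules are read with `ipfw list` and written out as `${fwcmd} add ...`, but the file lands in `$savename.6` and is sourced from rc.firewall6, whose context line uses `${fw6cmd}`. As written, the `.6` save holds the output of `ipfw list` prefixed with a variable that the visible rc.firewall6 code does not use. Suggest listing the ip6fw rule set instead and emitting `${fw6cmd} add`, and renaming the function so it does not read as the IPv4 one.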