Message-Id: <200602250419.k1P4JAWd011525@www.freebsd.org>
Date: Sat, 25 Feb 2006 04:19:10 GMT
From: Vulpes Velox
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
X-Send-Pr-Version: www-2.3

>Number: 93815
>Category: conf
>Synopsis: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 25 04:20:03 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Vulpes Velox
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD 5.4-STABLE #0: Sun Dec 4 02:26:56 CST 2005 kitsune@vixen42.vulpes:/usr/obj/usr/src/sys/vixen42-1
>Description:
This allows ipfw rules to be saved. /var/db/ipfw is used for that. If a name for the save is not specified, last will be used.

They can be saved like this...
/etc/rc.d/ipfw save
They can be recalled like this...
/etc/rc.d/ipfw restart

firewall_type has to be set to last in rc.conf for starting it with a save, as of currently.
>How-To-Repeat:
>Fix:
--- rc.d_ipfw.patch begins here --- 18a19,29 > extra_commands="save" > save_cmd="ipfw_save" > > > #gets the name of the save to use > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a43,49 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename > } > 33a52,59 > # Make sure the save file exists if one is specified > if [ ! -z $usingsave ]; then > if [ ! 
-f "/var/db/ipfw/$savename" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 38c64 < . "${firewall_script}" --- > . "${firewall_script}" $savename --- rc.d_ipfw.patch ends here --- --- rc.firewall.patch begins here --- --- /usr/src/etc/rc.firewall Sun Nov 2 07:31:44 2003 +++ /etc/rc.firewall Sun Feb 19 09:08:52 2006 @@ -143,6 +143,17 @@ setup_loopback ${fwcmd} add 65000 pass all from any to any ;; + +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename + ;; [Cc][Ll][Ii][Ee][Nn][Tt]) ############ --- rc.firewall.patch ends here --- --- rc.d_ip6fw.patch begins here --- 17a18,27 > extra_commands="save" > save_cmd="ipfw_save" > > # Gets the name of the save to use. > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a42,48 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename.6 > } > 33a51,58 > # Make sure the save file exists if one is specified. > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename.6" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 42c67 < . "${ipv6_firewall_script}" --- > . "${ipv6_firewall_script}" $savename --- rc.d_ip6fw.patch ends here --- --- rc.firewall6.patch begins here --- --- /usr/src/etc/rc.firewall6 Sun Dec 4 08:48:05 2005 +++ /etc/rc.firewall6 Sun Feb 19 09:13:20 2006 @@ -105,6 +105,17 @@ ${fw6cmd} add 65000 pass all from any to any ;; +[Ll][Aa][Ss][Tt]) + # Gets the name of the save to use. + if [ ! -z $1 ]; then + savename="$1" + else + savename="last" + fi + + . /var/db/ipfw/$savename.6 + ;; + [Cc][Ll][Ii][Ee][Nn][Tt]) ############ # This is a prototype setup that will protect your system somewhat --- rc.firewall6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
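
Review bot: the save name is never validated in rc.d_ipfw.patch hunk 18a19,29, where `savename="$2"` takes it straight from the command line. It is then used in `/var/db/ipfw/$savename` as the redirect target in ipfw_save and as the file rc.firewall sources, so a name containing `/` or `..` resolves outside /var/db/ipfw. Reject names outside a conservative set (letters, digits, `.`, `_`, `-`, no leading dot) before using them, and quote the test as `[ -n "$2" ]` so a name with whitespace does not break the `[` expression. The same applies to the identical lines in rc.d_ip6fw.patch hunk 17a18,27.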
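
Review bot: the save in rc.d_ipfw.patch hunk 31a43,49 is not atomic, because `> /var/db/ipfw/$savename` truncates the existing save before `ipfw list` has produced any output. If the list command fails, the previous "last" save is replaced by an empty or partial file that a later restart will load. Write to a temporary file in the same directory and rename it over the target only when the pipeline succeeds. Separately, `mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw` leaves the directory at the umask default between the two commands; `mkdir -m 700 /var/db/ipfw` creates it restricted in one step. The redirect target should also be quoted.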
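
Review bot: rc.firewall.patch sources the saved file without checking who can write to it; at `. /var/db/ipfw/$savename` in the new [Ll][Aa][Ss][Tt] case every line of that file runs as shell code with the privileges of the rc script. Before sourcing, confirm the path is a regular file owned by root and not writable by group or other, and quote the path. The branch also recomputes savename from an unquoted `$1`, duplicating the logic in rc.d/ipfw; passing an already validated name in would keep the check in one place.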
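
Review bot: ipfw_save in rc.d_ip6fw.patch hunk 31a42,48 appears to save the wrong ruleset, since it runs `ipfw list` and prefixes each rule with `${fwcmd} add` while writing to `/var/db/ipfw/$savename.6`. That file is sourced by rc.firewall6, whose context lines use `${fw6cmd}`, so the saved commands reference a variable that script does not show being set and contain the IPv4 rules rather than the IPv6 ones. The hunk looks like a copy of the rc.d/ipfw version; it should list the IPv6 rules and emit `${fw6cmd} add`.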
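
Review bot: the missing-file case is not handled for the default name in rc.firewall6.patch, at `. /var/db/ipfw/$savename.6`. The existence check added in rc.d_ip6fw.patch hunk 33a51,58 only runs when usingsave is set, so with firewall_type set to last and no name given, a system that has never run save reaches the `.` with no file to read. Test for the file in this branch and print a clear error (or fall back to a defined ruleset) instead of relying on the rc.d check. The same gap exists for `/var/db/ipfw/$savename` in rc.firewall.patch.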