Date: Mon, 29 Aug 2022 21:40:34 -0700
From: "Dan Mahoney (Ports)" <freebsd@gushi.org>
To: questions@freebsd.org
Subject: Re: Firewall rules in a directory
Message-ID: <D666503D-E5E2-4B6D-A960-A362EEFE6F95@gushi.org>
In-Reply-To: <3FAB82EC-2C82-4201-AA47-B1AA92B89677@gushi.org>
References: <3FAB82EC-2C82-4201-AA47-B1AA92B89677@gushi.org>

Note, this wasn’t intended to be “here’s a diff, please put it in”, just an illustration of how trivial an addition it is.

> On Aug 29, 2022, at 9:36 PM, Dan Mahoney (Ports) <freebsd@gushi.org> wrote:
>
> All,
>
> At the dayjob, we’ve taken to putting our ipfw rules into a directory using rcorder’able files. This way, each of our puppet manifests can drop its own rules into place without having to manage a monolithic file.
>
> It’s a simple patch to rc.firewall, where if you set firewall_type to a file, it just runs it, but if it’s a directory, it would treat it as such:
>
> *)
>         if [ -r "${firewall_type}" ]; then
>                 if [ -f "${firewall_type}" ]; then
>                         ${fwcmd} ${firewall_flags} ${firewall_type}
>                 else
>                         if [ -d "${firewall_type}" ]; then
>                                 for fwfile in `rcorder $firewall_type/*`
>                                 do
>                                         ipfw -q $fwfile;
>                                 done
>                         fi
>                 fi
>
> Is there a possibility of getting this into base?
>
> -Dan
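
Review bot: the loop in the directory branch calls "ipfw -q $fwfile" directly, while the single-file branch goes through ${fwcmd} ${firewall_flags}, so firewall_flags are dropped and fwcmd is bypassed whenever firewall_type is a directory; suggest ${fwcmd} ${firewall_flags} "${fwfile}" inside the loop so both branches behave the same. $firewall_type/* and $fwfile are also unquoted, so a path containing whitespace gets split into several arguments. Neither the rcorder call nor the per-file ipfw call has its exit status checked, so a file that fails to load leaves a partial rule set in place without any message; a warning or an early exit on failure would make that visible. As posted, the excerpt also ends with the outer "if [ -r ... ]" still open: the two fi lines close the -d and -f tests only.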