Date: Tue, 30 Aug 2022 20:16:26 -0400
From: "Kevin P. Neal" <kpn@neutralgood.org>
To: "Dan Mahoney (Ports)" <freebsd@gushi.org>
Cc: questions@freebsd.org
Subject: Re: Firewall rules in a directory
Message-ID: <Yw6oWmqaqFuVyM2t@neutralgood.org>
In-Reply-To: <D666503D-E5E2-4B6D-A960-A362EEFE6F95@gushi.org>
References: <3FAB82EC-2C82-4201-AA47-B1AA92B89677@gushi.org> <D666503D-E5E2-4B6D-A960-A362EEFE6F95@gushi.org>

On Mon, Aug 29, 2022 at 09:40:34PM -0700, Dan Mahoney (Ports) wrote:
> Note, this wasn’t intended to be “here’s a diff, please put it in”, just an illustration of how trivial an addition it is.
>
> > On Aug 29, 2022, at 9:36 PM, Dan Mahoney (Ports) <freebsd@gushi.org> wrote:
> >
> > All,
> >
> > At the dayjob, we’ve taken to putting our ipfw rules into a directory using rcorder’able files. This way, each of our puppet manifests can drop its own rules into place without having to manage a monolithic file.
> >
> > It’s a simple patch to rc.firewall, where if you set firewall_type to a file, it just runs it, but if it’s a directory, it would treat it as such:
> >
> > *)
> >     if [ -r "${firewall_type}" ]; then
> >         if [ -f "${firewall_type}" ]; then
> >             ${fwcmd} ${firewall_flags} ${firewall_type}
> >         else
> >             if [ -d "${firewall_type}" ]; then
> >                 for fwfile in `rcorder $firewall_type/*`
> >                 do
> >                     ipfw -q $fwfile;
> >                 done
> >             fi
> >         fi
> >
> > Is there a possibility of getting this into base?

Open a bug report as a feature request. Very few FreeBSD developers hang out
on -questions and you'll get more visibility that way.

--
Kevin P. Neal                                http://www.pobox.com/~kpn/

"I like being on The Daily Show." - Kermit the Frog, Feb 13 2001
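
Review bot: the directory branch of the quoted patch loads every file that `rcorder $firewall_type/*` returns without checking that the directory and its files are owned by root and not group- or world-writable, so anything able to drop a file there can add firewall rules at boot; a check before the loop, or per file before the `ipfw` call, would close that. The same branch calls `ipfw -q $fwfile` directly rather than `${fwcmd} ${firewall_flags}` as the single-file branch does, and leaves `$firewall_type` and `$fwfile` unquoted, so configured flags are ignored and a path containing whitespace is split. Neither the exit status of `rcorder` nor that of each `ipfw` call is tested, so a file that fails to load is skipped silently while the later files still apply; logging the failure and deciding explicitly whether to continue would make a partial ruleset visible. The outer `if [ -r "${firewall_type}" ]` also has no closing `fi` in the fragment as quoted.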