Date:      Tue, 30 Aug 2022 20:16:26 -0400
From:      "Kevin P. Neal" <kpn@neutralgood.org>
To:        "Dan Mahoney (Ports)" <freebsd@gushi.org>
Cc:        questions@freebsd.org
Subject:   Re:  Firewall rules in a directory
Message-ID:  <Yw6oWmqaqFuVyM2t@neutralgood.org>
In-Reply-To: <D666503D-E5E2-4B6D-A960-A362EEFE6F95@gushi.org>
References:  <3FAB82EC-2C82-4201-AA47-B1AA92B89677@gushi.org> <D666503D-E5E2-4B6D-A960-A362EEFE6F95@gushi.org>

On Mon, Aug 29, 2022 at 09:40:34PM -0700, Dan Mahoney (Ports) wrote:
> Note, this wasn’t intended to be “here’s a diff, please put it in”, just an illustration of how trivial an addition it is.
> 
> > On Aug 29, 2022, at 9:36 PM, Dan Mahoney (Ports) <freebsd@gushi.org> wrote:
> > 
> > All,
> > 
> > At the dayjob, we’ve taken to putting our ipfw rules into a directory using rcorder’able files.  This way, each of our puppet manifests can drop its own rules into place without having to manage a monolithic file.
> > 
> > It’s a simple patch to rc.firewall, where if you set firewall_type to a file, it just runs it, but if it’s a directory, it would treat it as such:
> > 
> > *)
> >  if [ -r "${firewall_type}" ]; then
> >    if [ -f "${firewall_type}" ]; then
> >      ${fwcmd} ${firewall_flags} ${firewall_type}
> >    else
> >      if [ -d "${firewall_type}" ]; then
> >        for fwfile in `rcorder $firewall_type/*`
> >          do
> >            ipfw -q $fwfile;
> >        done
> >      fi
> >    fi
> > 
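
Review bot: In the directory branch, the loop runs `ipfw -q $fwfile` directly rather than `${fwcmd} ${firewall_flags}` as the single-file branch does, so whatever command and flags the administrator configured are ignored for rules loaded from a directory; `${fwcmd} ${firewall_flags} "${fwfile}"` would keep the two paths consistent. The expansions `$firewall_type/*` and `$fwfile` are unquoted, so a path containing whitespace splits into several arguments, and an empty directory hands the literal `*` pattern to rcorder. The outer `if [ -r "${firewall_type}" ]` has no closing `fi` in the lines shown. Because every file found in the directory is loaded as firewall rules, the accompanying documentation should state that the directory and its files must be writable only by root.
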
> > Is there a possibility of getting this into base?

Open a bug report as a feature request. Very few FreeBSD developers hang
out on -questions and you'll get more visibility that way.

-- 
Kevin P. Neal                                http://www.pobox.com/~kpn/

   "I like being on The Daily Show." - Kermit the Frog, Feb 13 2001
