From: "Antoine Beaupre (LMC)"
To: freebsd-security@FreeBSD.ORG
Date: Mon, 23 Jul 2001 16:55:35 -0400
Message-ID: <3B5C8F47.5050300@lmc.ericsson.se>
Organization: LMC, Ericsson Research Canada
Subject: rc.firewall change comments request

Hi.

I find that using a custom ruleset is a pain in the current rc.firewall setup.
For example, since alternate setups are sourced using "ipfw" instead of the shell, you do not have access to valuable variables and conditionals, being limited to ipfw's syntax.

I use conditionals and variables to make the config file more readable. I think that having a flat ipfw source file is unpractical and hard to maintain.

What I suggest is to change the way of sourcing alternate config files.

Instead of doing:

*)
        if [ -r "${firewall_type}" ]; then
                ${fwcmd} ${firewall_flags} ${firewall_type}

rc.firewall should be doing:

*)
        if [ -r "${firewall_type}" ]; then
                . ${firewall_type}

What do you people think about that? Should I submit a pr?

Thanks,

A.

-- 
Antoine Beaupré
Jambala TCM team
Ericsson Canada inc.
mailto:antoine.beaupre@ericsson.ca
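
The change proposed in the message above, as an added example that is not part of the original post or of FreeBSD's rc.firewall: a ruleset file using shell variables and a conditional is sourced, with an ownership and permission check in front because a sourced file runs as shell code with the privileges of rc. The names fwcmd_record, safe_to_source, make_ruleset, load_ruleset and allow_http, the interface name and the addresses are assumptions, and fwcmd is a recorder so no firewall is touched.

```sh
#!/bin/sh
# Added example: dry run of the sourcing approach. fwcmd is a recorder here,
# so no ipfw binary is called. All helper names below are hypothetical.
RULES=""
fwcmd_record() { RULES="${RULES}$*
"; }
fwcmd="fwcmd_record"

# True only for a readable regular file owned by the invoking user (root when
# run from rc) with no group/other write bit, since sourcing executes the file.
safe_to_source() {
    [ -r "$1" ] || return 1
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Constructed sample ruleset using shell variables and a conditional.
make_ruleset() {
    cat > "$1" <<'EOF'
oif="fxp0"; oip="192.0.2.10"; admin_net="198.51.100.0/24"
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 pass tcp from ${admin_net} to ${oip} 22 setup in via ${oif}
if [ "${allow_http}" = "YES" ]; then
    ${fwcmd} add 300 pass tcp from any to ${oip} 80 setup in via ${oif}
fi
${fwcmd} add 65000 deny log all from any to any
EOF
}

# The proposed "*)" branch, with the permission check added in front.
load_ruleset() {
    firewall_type="$1"
    RULES=""
    if safe_to_source "${firewall_type}"; then
        . "${firewall_type}"
    else
        echo "refusing to source ${firewall_type}" >&2
        return 1
    fi
}

# Stand-alone demonstration: print the rules the sample file would add.
demo=$(mktemp) && make_ruleset "${demo}"
allow_http="YES"
load_ruleset "${demo}" && printf '%s' "${RULES}"
rm -f "${demo}"
```

With the original `${fwcmd} ${firewall_flags} ${firewall_type}` form the file is parsed only as ipfw rules, so the check matters more once the file is sourced by the shell.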