From owner-freebsd-security  Mon Jul 23 16: 6:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178])
	by hub.freebsd.org (Postfix) with ESMTP id E8E9E37B401
	for <freebsd-security@FreeBSD.ORG>; Mon, 23 Jul 2001 16:06:31 -0700 (PDT)
	(envelope-from gshapiro@gshapiro.net)
Received: from horsey.gshapiro.net (gshapiro@localhost [127.0.0.1])
	by horsey.gshapiro.net (8.12.0.Beta16/8.12.0.Beta16) with ESMTP id f6NN6PHk001793
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Mon, 23 Jul 2001 16:06:25 -0700 (PDT)
Received: (from gshapiro@localhost)
	by horsey.gshapiro.net (8.12.0.Beta16/8.12.0.Beta16) id f6NN6PsA001790;
	Mon, 23 Jul 2001 16:06:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15196.44529.197423.239149@horsey.gshapiro.net>
Date: Mon, 23 Jul 2001 16:06:25 -0700
From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rc.firewall change comments request
In-Reply-To: <3B5C8F47.5050300@lmc.ericsson.se>
References: <3B5C8F47.5050300@lmc.ericsson.se>
X-Mailer: VM 6.92 under 21.5  (beta1) "anise" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Antoine.Beaupre> For example, since alternate setups are sourced using
Antoine.Beaupre> "ipfw" instead of the shell, you do not have access to
Antoine.Beaupre> valuable variables and conditionals, being limited to
Antoine.Beaupre> ipfw' syntax.

Antoine.Beaupre> I use conditionals and variables to make the config file
Antoine.Beaupre> more readable.

Antoine.Beaupre> I think that having a flat ipfw source file is unpractical
Antoine.Beaupre> and hard to maintain.

Why not just set firewall_script in your /etc/rc.conf?

firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message