Date:      Thu, 22 May 2003 14:26:23 +0100
From:      Philip Payne <philip.payne@uk.mci.com>
To:        'Carolyn Longfoot' <c_longfoot@hotmail.com>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject:   RE: Update Firewall Rules
Message-ID:  <36D04A8168B2D41182250008C7E6F8780374F76D@ukcamexch2.cbg.uk.corp.eu.uu.net>

Hi.

> Thanks to all who replied, lots of food for thought!
> 
> Maybe my setup is a little different than what people use 
> because I have 
> different rule sets in /etc/rc.firewall (which is the default 
> with OPEN, 
> SIMPLE and CLIENT) and one of them is configured in /etc/rc.conf.
> 
> So my question is how I change from one rule set to another 
> that is defined 
> in rc.firewall. The problem should simply be how to pass the 
> parameter (and 
> to what) because
> sh /etc/rc.firewall OPEN
> does not work, this simply reloads the same rule set that's 
> defined in 
> /etc/rc.conf.
> 
> Good advice against lock-outs though. Is it generally the 
> preferred approach to 
> use different files for different rules, rather than keep sets in 
> /etc/rc.firewall? And if so, how do you set this up in 
> /etc/rc.conf, since 
> the firewall type by default looks at rc.firewall...

Using the same approach as writing a script to carry out the 
     sh /etc/rc.firewall
command. 

You could either have different scripts to pass the firewall_type variable
and then do the firewall rules e.g.:

open-firewall.sh:
---
#!/bin/sh
# rc.firewall reads the lowercase rc.conf variable firewall_type;
# export it so the child shell that runs rc.firewall can see it.
firewall_type="OPEN"
export firewall_type
sh /etc/rc.firewall
---

closed-firewall.sh:
---
#!/bin/sh
firewall_type="CLOSED"
export firewall_type
sh /etc/rc.firewall
---

I'm really not a shell scripting person (networking is my area), so I can't
say this will definitely work but... kind of sounds right. Perhaps someone
with more shell scripting expertise can comment.

Alternatively, couldn't you just specify the variable on the command line
before running the implementation script? e.g. in bash:

# firewall_type=OPEN
# export firewall_type
# install-fwrules.sh

Again, never tried it myself... 

Let me know how you get on. Wouldn't mind knowing for sure what's the
correct approach.

Ta,
Phil.
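Following the quoted question about keeping each rule set in its own file, and the earlier warning about lock-outs, here is an added example (not from this mail or from FreeBSD's own rc.firewall) of a small switcher that loads a named ipfw rule file and reverts to the previous one unless the change is confirmed in time. It assumes a layout of one file per rule set under /etc/firewall.d, a state file under /var/run, and ipfw's documented ability to read rules from a file path.

```sh
#!/bin/sh
# Switch ipfw between named rule sets kept as separate files, with a
# lockout guard: unless the change is confirmed within GRACE seconds,
# the previously active rule set is reloaded automatically.
# Assumed layout (not from the original mail): $FW_DIR/<name>.rules,
# e.g. /etc/firewall.d/open.rules, /etc/firewall.d/client.rules.
FW_DIR=${FW_DIR:-/etc/firewall.d}
IPFW=${IPFW:-/sbin/ipfw}
STATE=${STATE:-/var/run/fw.current}   # name of the rule set now loaded
GRACE=${GRACE:-120}                    # seconds before automatic revert

# Map a rule-set name to its file. Names with slashes or a leading dot
# are rejected so a caller cannot point the loader outside FW_DIR.
fw_ruleset_path() {
    case "$1" in ''|*/*|.*) return 1 ;; esac
    [ -r "$FW_DIR/$1.rules" ] || return 1
    printf '%s\n' "$FW_DIR/$1.rules"
}

# Flush the running rules, read the new ones from the file, then record
# which set is active so a later switch knows what to fall back to.
fw_load() {
    file=$(fw_ruleset_path "$1") || { echo "unknown rule set: $1" >&2; return 1; }
    "$IPFW" -q -f flush && "$IPFW" -q "$file" && printf '%s\n' "$1" > "$STATE"
}

# Load a new set and arm the revert timer; fw_confirm disarms it.
fw_switch() {
    prev=$(cat "$STATE" 2>/dev/null || true)
    rm -f "$STATE.confirmed"
    fw_load "$1" || return 1
    if [ -n "$prev" ] && [ "$prev" != "$1" ]; then
        ( sleep "$GRACE"
          [ -e "$STATE.confirmed" ] || fw_load "$prev" ) &
        echo "loaded '$1'; confirm within ${GRACE}s or '$prev' is restored" >&2
    fi
}

# Called from a session that still works after the switch.
fw_confirm() { : > "$STATE.confirmed"; }

case "${1:-}" in
    switch)  fw_switch "$2" ;;
    confirm) fw_confirm ;;
    '')      ;;   # no arguments: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 switch <name> | confirm" >&2; exit 64 ;;
esac
```

Run `fwswitch.sh switch client` from one session, then `fwswitch.sh confirm` from a fresh login; if the new rules cut you off, the old set comes back on its own when the timer expires.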