Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 Oct 2014 00:31:52 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r273201 - head/etc
Message-ID:  <201410170031.s9H0VqcX080769@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: hrs
Date: Fri Oct 17 00:31:51 2014
New Revision: 273201
URL: https://svnweb.freebsd.org/changeset/base/273201

Log:
  Add support of "/{udp,tcp,proto}" suffix into $firewall_myservices, which
  interpreted the listed items as port numbers of TCP services.
  
  A service with no suffix still works and recognized as a TCP service for
  backward compatibility.  It should be updated with /tcp suffix.
  
  PR:		194292
  MFC after:	1 week

Modified:
  head/etc/rc.firewall

Modified: head/etc/rc.firewall
==============================================================================
--- head/etc/rc.firewall	Fri Oct 17 00:05:31 2014	(r273200)
+++ head/etc/rc.firewall	Fri Oct 17 00:31:51 2014	(r273201)
@@ -422,8 +422,8 @@ case ${firewall_type} in
 
 [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
 	# Configuration:
-	#  firewall_myservices:		List of TCP ports on which this host
-	#			 	 offers services.
+	#  firewall_myservices:		List of ports/protocols on which this
+	#				 host offers services.
 	#  firewall_allowservices:	List of IPv4 and/or IPv6 addresses
 	#				 that have access to
 	#				 $firewall_myservices.
@@ -487,7 +487,24 @@ case ${firewall_type} in
 	#
 	for i in ${firewall_allowservices} ; do
 	  for j in ${firewall_myservices} ; do
-	    ${fwcmd} add pass tcp from $i to me $j
+	    case $j in
+	    [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo])
+	      ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me
+	    ;;
+	    [0-9A-Za-z]*/[Tt][Cc][Pp])
+	      ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]}
+	    ;;
+	    [0-9A-Za-z]*/[Uu][Dd][Pp])
+	      ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]}
+	    ;;
+	    *[0-9A-Za-z])
+	      echo "Consider using tcp/$j in firewall_myservices." > /dev/stderr
+	      ${fwcmd} add pass tcp from $i to me $j
+	    ;;
+	    *)
+	      echo "Invalid port in firewall_myservices: $j" > /dev/stderr
+	    ;;
+	    esac
 	  done
 	done

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410170031.s9H0VqcX080769>