From owner-freebsd-rc@FreeBSD.ORG Sun Mar 12 09:24:23 2006
Date: Sun, 12 Mar 2006 09:21:39 GMT
Message-Id: <200603120921.k2C9Ld1o077144@freefall.freebsd.org>
To: freebsd-rc@FreeBSD.org
From: Vulpes Velox
Subject: Re: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
List-Id: "Discussion related to /etc/rc.d design and implementation."

The following reply was made to PR conf/93815; it has been noted by GNATS.

From: Vulpes Velox
To: Giorgos Keramidas
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/93815: Adds in the ability to save ipfw rules to rc.d/ipfw and rc.d/ip6fw.
Date: Sun, 12 Mar 2006 00:47:33 -0600

--MP_mS8Ucp6Sl2z5XmLbi.CVHUX
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thu, 9 Mar 2006 14:16:37 +0200
Giorgos Keramidas wrote:

> On 2006-03-08 22:23, Vulpes Velox wrote:
> > Cool. I like that idea for the savedir. I am somewhat mixed
> > about making it longer, but I see the point in making it more
> > readable though.
> > [...]
> > I will have the new patch set pr submitted tomorrow.
>
> Note that the patch still has to be reviewed by one of our rc.d
> experts, but thank you for considering to make the changes to match
> some of my suggestions. Keep the good work up :)))
>

Made a few more changes. I just got thinking of the idea of eliminating
rc.firewall and rc.firewall6 entirely. Will be sending in another patch
set shortly.

This set includes load and unload. This will load or unload a set of
rules. This will unload or load a save, without flushing.

I have also added a new variable, fwcmd2. This is like fwcmd in
rc.firewall, but has add/delete added to it depending on what it is
doing.

BTW is there any good reason this is included in
rc.firewall/rc.firewall6 instead of ipfw/ip6fw?

############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
	fwcmd="/sbin/ipfw -q"
	;;
*)
	fwcmd="/sbin/ipfw"
	;;
esac

I see there being no problem moving that into ipfw.

--MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=ip6fw.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=ip6fw.diff 18,29d17 < extra_commands="save load unload" < save_cmd="ipfw_save" < load_cmd="ipfw_load" < unload_cmd="ipfw_unload" < < # Gets the name of the save to use. < if [ ! -z "$2" ]; then < savename="$2" < usingsave="yes" < else < savename="last" < fi 44,82d31 < ipfw_save() < { < # Saves the firewall rules to /var/db/ipfw/$savename < [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw < ipfw list | awk '{print "${fw6cmd2} " $0 }' > /var/db/ipfw/$savename.6 < } < < ipfw_load() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q add" < ;; < *) < fwcmd2="/sbin/ipfw add" < ;; < esac < < . 
/var/db/ipfw/$savename.6 < } < < ipfw_unload() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q delete" < ;; < *) < fwcmd2="/sbin/ipfw delete" < ;; < esac < < . /var/db/ipfw/$savename.6 < } < 85,92d33 < # Make sure the save file exists if one is specified. < if [ ! -z "$usingsave" ]; then < if [ ! -f "/var/db/ipfw/$savename.6" ]; then < echo "Specified save does not exist" < exit 1 < fi < fi < 101c42 < . "${ipv6_firewall_script}" $savename --- > . "${ipv6_firewall_script}" --MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=ipfw.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=ipfw.diff 19,30d18 < extra_commands="save load unload" < save_cmd="ipfw_save" < load_cmd="ipfw_load" < unload_cmd="ipfw_unload" < < #gets the name of the save to use < if [ ! -z "$2" ]; then < savename="$2" < usingsave="yes" < else < savename="last" < fi 44,82d31 < ipfw_save() < { < # Saves the firewall rules to /var/db/ipfw/$savename < [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw < ipfw list | awk '{print "${fwcmd2} " $0 }' > /var/db/ipfw/$savename < } < < ipfw_load() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q add" < ;; < *) < fwcmd2="/sbin/ipfw add" < ;; < esac < < . /var/db/ipfw/$savename < } < < ipfw_unload() < { < < # Set quiet mode if requested < case ${firewall_quiet} in < [Yy][Ee][Ss]) < fwcmd2="/sbin/ipfw -q delete" < ;; < *) < fwcmd2="/sbin/ipfw delete" < ;; < esac < < . /var/db/ipfw/$savename < } < 85,92d33 < # Make sure the save file exists if one is specified < if [ ! -z "$usingsave" ]; then < if [ ! -f "/var/db/ipfw/$savename" ]; then < echo "Specified save does not exist" < exit 1 < fi < fi < 97c38 < . "${firewall_script}" $savename --- > . 
"${firewall_script}" --MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=rc.firewall.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall.diff 146,158d145 < < [Ss][Aa][Vv][Ee]) < # Gets the name of the save to use. < if [ ! -z "$1" ]; then < savename="$1" < else < savename="last" < fi < < fwcmd2="${fwcmd} add" < < . /var/db/ipfw/$savename < ;; --MP_mS8Ucp6Sl2z5XmLbi.CVHUX Content-Type: text/x-patch; name=rc.firewall6.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.firewall6.diff 108,120d107 < [Ss][Aa][Vv][Ee]) < # Gets the name of the save to use. < if [ ! -z "$1" ]; then < savename="$1" < else < savename="last" < fi < < fw6cmd2="${fw6cmd} add" < < . /var/db/ipfw/$savename.6 < ;; < --MP_mS8Ucp6Sl2z5XmLbi.CVHUX--