Date: Thu, 30 Mar 2017 02:05:26 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Wayne Sierke <ws@au.dyndns.ws>
Cc: David Mehler <dave.mehler@gmail.com>, Ralf Mardorf <ralf.mardorf@rocketmail.com>, freebsd-questions@freebsd.org
Subject: Re: Two pf questions
Message-ID: <20170330012122.B88822@sola.nimnet.asn.au>
In-Reply-To: <mailman.91.1490788802.60884.freebsd-questions@freebsd.org>
References: <mailman.91.1490788802.60884.freebsd-questions@freebsd.org>

In freebsd-questions Digest, Vol 669, Issue 4, Message: 4
On Wed, 29 Mar 2017 13:09:02 +1030 Wayne Sierke <ws@au.dyndns.ws> wrote:
> On Tue, 2017-03-28 at 20:29 +0200, Ralf Mardorf via freebsd-questions
> wrote:
> > Hi,
> >
> > while I won't add such an exit status loop as I mentioned by an earlier
> > reply, I still would be careful with file names in /tmp and also
> > consider to make the commands of a "command chain" conditional of the
> > preceding commands.

You can do the latter as long as you have clear indication of just which
command went wrong, if one does. Sometimes functionality beats elegance
and David's script did its job; but on the point about tempfile naming:

> > Instead of
> >
> >   cp /etc/pf/bruteforce /tmp/foobar.txt
> >   pfctl -t bruteforce -T show >> /tmp/foobar.txt
> >   sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
> >
> > I would use something similar to
> >
> >   tmp_suffix="-$$-$(mcookie)"
> >   cp /etc/pf/bruteforce /tmp/bruteforce$tmp_suffix && \
> >   pfctl -t bruteforce -T show >> /tmp/bruteforce$tmp_suffix && \
> >   sort -u -n /tmp/bruteforce$tmp_suffix > /etc/pf/bruteforce
> >
> > I wouldn't use $$ and $(mcookie) together, perhaps just $(mcookie) or $$

[ Is mcookie(?) a Linux thing? Or something newer than FreeBSD 9? ]

> > plus the date and time including seconds or something else unique or
> > at least add "$(id -u)" to the PID. "-$$-$(mcookie)" is just an example,
> > as "foobar.txt" was just an example, too.

Adding datestamps or such to a tempfile that is to be deleted in a
millisecond or so seems rather overkill when $$ is already unique.

> > Regards,
> > Ralf
>
> Is there any reason that mktemp(1) is not adequate here, or not
> desirable?

None at all.

> Perhaps this:
>
> bf_temp=`mktemp -t bruteforce.`
> cp /etc/pf/bruteforce ${bf_temp} ...
> etc.

Sure, or even just:

tempfile=/tmp/`basename $0`.$$

David's script really only needed one tempfile name, overwritten by his
second stanza, and then deleted.

Even if there were two of this script running at the same time (an error
in any case) they have unique PIDs. And non-deleted tempfiles can be
useful signals or debugging aids :)

cheers, Ian
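
Added example, not part of the original message or of any script posted in the thread: the table merge discussed above, written around mktemp(1) with each step conditional on the one before it. The function name merge_table and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. merge_table and its arguments are
# hypothetical names.
#
# usage: merge_table PERSIST_FILE DUMP_COMMAND [ARG...]
#   e.g. merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show
merge_table() {
    persist=$1
    shift

    # mktemp(1) creates the file itself, exclusively and with mode 0600,
    # under a name that is not known in advance. A fixed name, or one
    # built from $$, can already exist in /tmp as a file or a symlink
    # when a root-run script writes to it.
    tmp=$(mktemp "${TMPDIR:-/tmp}/bruteforce.XXXXXXXXXX") || return 1

    # Stage the merged list beside the target so that the final mv is a
    # rename within one filesystem and the persist file is never left
    # half-written. The renamed file keeps mktemp's 0600 mode.
    new=$(mktemp "$persist.XXXXXXXXXX") || { rm -f "$tmp"; return 1; }

    # Each step runs only if the one before it succeeded. Leading blanks
    # in the dump are stripped so that sort -u sees identical lines.
    if cat "$persist" > "$tmp" &&
       "$@" >> "$tmp" &&
       sed 's/^[[:space:]]*//' "$tmp" | LC_ALL=C sort -u > "$new" &&
       mv -f "$new" "$persist"
    then
        rc=0
    else
        rc=1
    fi

    # Nothing is left behind on either path.
    rm -f "$tmp" "$new"
    return "$rc"
}
```

The function returns non-zero and leaves the persist file untouched if any step fails, so a caller can log which run went wrong.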