From: Ian Smith
To: Wayne Sierke
cc: David Mehler, Ralf Mardorf, freebsd-questions@freebsd.org
Date: Thu, 30 Mar 2017 02:05:26 +1100 (EST)
Subject: Re: Two pf questions
Message-ID: <20170330012122.B88822@sola.nimnet.asn.au>

In freebsd-questions Digest, Vol 669, Issue 4, Message: 4
On Wed, 29 Mar 2017 13:09:02 +1030 Wayne Sierke wrote:
> On Tue, 2017-03-28 at 20:29 +0200, Ralf Mardorf via freebsd-questions
> wrote:
> > Hi,
> >
> > while I won't add such an exit status loop as I mentioned in an earlier
> > reply, I still would be careful with file names in /tmp and also
> > consider making the commands of a "command chain" conditional on the
> > preceding commands.

You can do the latter as long as you have a clear indication of just which command went wrong, if one does. Sometimes functionality beats elegance and David's script did its job; but on the point about tempfile naming:

> > Instead of
> >
> >   cp /etc/pf/bruteforce /tmp/foobar.txt
> >   pfctl -t bruteforce -T show >> /tmp/foobar.txt
> >   sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
> >
> > I would use something similar to
> >
> >   tmp_suffix="-$$-$(mcookie)"
> >   cp /etc/pf/bruteforce /tmp/bruteforce$tmp_suffix && \
> >   pfctl -t bruteforce -T show >> /tmp/bruteforce$tmp_suffix && \
> >   sort -u -n /tmp/bruteforce$tmp_suffix > /etc/pf/bruteforce
> >
> > I wouldn't use $$ and $(mcookie) together, perhaps just $(mcookie) or $$

[ Is mcookie(?) a Linux thing? Or something newer than FreeBSD 9? ]

> > plus the date and time including seconds or something else unique or
> > at least add "$(id -u)" to the PID. "-$$-$(mcookie)" is just an example,
> > as "foobar.txt" was just an example, too.

Adding datestamps or such to a tempfile that is to be deleted in a millisecond or so seems rather overkill when $$ is already unique.

> > Regards,
> > Ralf
>
> Is there any reason that mktemp(1) is not adequate here, or not
> desirable?

None at all.

> Perhaps this:
>
> bf_temp=`mktemp -t bruteforce.`
> cp /etc/pf/bruteforce ${bf_temp}
> ...
> etc.

Sure, or even just:

  tempfile=/tmp/`basename $0`.$$

David's script really only needed one tempfile name, overwritten by his second stanza, and then deleted. Even if there were two of this script running at the same time (an error in any case) they have unique PIDs.

And non-deleted tempfiles can be useful signals or debugging aids :)

cheers, Ian
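The merge discussed in this thread, written around mktemp(1) as Wayne suggests and with each step conditional on the one before, as an added example that is not code from any of the posters. The function name `merge_table`, the staging file beside the target and the leading-blank normalisation are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example. merge_table FILE CMD [ARGS...]
#   FILE  saved address list (the thread uses /etc/pf/bruteforce)
#   CMD   command printing the live table entries, one per line
# Intended use, with the commands quoted in the thread:
#   merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show
merge_table() {
    file=$1; shift

    # mktemp(1) creates the file itself, mode 0600, under an unpredictable
    # name, and fails rather than reuse an existing path. A fixed or
    # PID-based name in world-writable /tmp gives none of those guarantees.
    tmp=$(mktemp "${TMPDIR:-/tmp}/bruteforce.XXXXXX") || return 1

    # Stage the merged list beside the target so the final mv is a rename
    # within one filesystem; the target is never left truncated or half
    # written. Note the replaced file takes the staging file's 0600 mode.
    new=$(mktemp "${file}.XXXXXX") || { rm -f "$tmp"; return 1; }

    # Every step runs only if the previous one succeeded.
    # sed strips leading blanks so the same address compares equal however
    # it was indented (assumption about input formatting).
    # sort -u without -n decides uniqueness on the whole line.
    if "$@" > "$tmp" &&
       sed 's/^[[:space:]]*//' "$file" "$tmp" > "$new" &&
       sort -u -o "$new" "$new" &&
       mv -f "$new" "$file"
    then
        rc=0
    else
        rc=1
    fi

    # Clean up on both paths; after a successful mv "$new" no longer exists.
    rm -f "$tmp" "$new"
    return $rc
}
```

If the listing command fails, the saved file is left exactly as it was and the function returns non-zero.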