From: Shane Ambler
Date: Sun, 08 Feb 2015 15:49:51 +1030
To: Arthur Chance, "Dan Mahoney, System Admin", questions@freebsd.org
Subject: Re: IPFW script that supports some kind of rc.d directory?
Message-ID: <54D6F1F7.6050107@ShaneWare.Biz>
In-Reply-To: <54D5EC86.6050806@qeng-ho.org>

On 07/02/2015 21:14, Arthur Chance wrote:
> On 07/02/2015 10:02, Dan Mahoney, System Admin wrote:
>> Hey all,
>>
>> This seems like the kind of thing that people have needed often enough
>> -- for example when you want to have specific ipfw rules for specific
>> installed services, and your ipfw config to be multiple files loaded in
>> some kind of order, but my google-fu is failing me.
>>
>> Failing that, I know FreeBSD has some rcorder, which might be usable for
>> this, but I don't know if it's extensible to a whole separate class of
>> things (or if trying to do that is overkill).
>>
>> Is this a problem someone else has had/solved before?
>>
>
> I've no idea if someone has already done this, but the final form of
> ipfw in the manual is
>
> ipfw [-cfnNqS] [-p preproc [preproc-flags]] pathname
>
> Using cpp as the preprocessor (or maybe m4 if you're a quote loving
> masochist :-) would let you use #include or the equivalent. That's not
> quite up to what you're asking, but a start. m4 with syscmd and (s)include
> would go further.
>
> I think the major problem would be if different sets of rules had to be
> interleaved. That would require a careful choice of rule numbering.
>

In /etc/rc.conf you can specify firewall_script="/etc/rc.firewall" -
rc.firewall is the system example of ipfw setup.

As /etc/rc.firewall is a shell script you can pull in any other files
you want. The example includes /etc/defaults/rc.conf and /etc/rc.conf to
get variables that it uses. You could set up yours to ls a specific dir
and suck up all the files in it.

-- 
FreeBSD - the place to B...Software Developing

Shane Ambler
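
A sketch of the directory-loading approach suggested in the reply above, as an added example that is not part of the original message or of FreeBSD's own rc.firewall. The NN-name.ipfw naming scheme and the variables fragment_dir and fragment_owner are assumptions made for illustration; because the script runs as root, it only sources fragments owned by the expected uid and not writable by group or other.

```sh
#!/bin/sh
# Added example: load ipfw rule fragments from a directory, in name order.
# Assumptions (not from the thread): fragments are named NN-name.ipfw, the
# directory is given in the hypothetical variable fragment_dir, and each
# fragment calls ${fwcmd} the way /etc/rc.firewall does.

fwcmd="${fwcmd:-/sbin/ipfw -q}"
fragment_owner="${fragment_owner:-0}"   # uid allowed to own fragments (root)

# Print the fragments that are acceptable to source, one per line, sorted.
# Files not owned by $fragment_owner, or writable by group/other, are
# skipped, as are files that do not match the NN-name.ipfw pattern.
list_fragments() {
    find "$1" -maxdepth 1 -type f -name '[0-9][0-9]-*.ipfw' \
        -user "$fragment_owner" ! -perm -020 ! -perm -002 -print |
        LC_ALL=C sort
}

# Source each accepted fragment in order. Stop at the first failure so a
# broken fragment does not leave a half-loaded ruleset unnoticed.
load_fragments() {
    list_fragments "$1" | while IFS= read -r frag; do
        . "$frag" || { echo "ipfw fragment failed: $frag" >&2; exit 1; }
    done
}

# Load rules only when a fragment directory has been configured.
if [ -n "${fragment_dir:-}" ]; then
    load_fragments "$fragment_dir"
fi
```

The two-digit prefix fixes the load order, but as noted in the quoted reply, rule numbers inside the fragments still have to be chosen so that interleaved rule sets evaluate in the intended sequence.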