Date: Sat, 7 Feb 2015 10:40:22 -0800 (PST)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: Arthur Chance <freebsd@qeng-ho.org>
Cc: questions@freebsd.org
Subject: Re: IPFW script that supports some kind of rc.d directory?
Message-ID: <alpine.BSF.2.00.1502071007000.16762@prime.gushi.org>
In-Reply-To: <54D5EC86.6050806@qeng-ho.org>
References: <alpine.BSF.2.00.1502070159120.13139@prime.gushi.org> <54D5EC86.6050806@qeng-ho.org>
On Sat, 7 Feb 2015, Arthur Chance wrote:

> On 07/02/2015 10:02, Dan Mahoney, System Admin wrote:
>> Hey all,
>>
>> This seems like the kind of thing that people have needed often enough
>> -- for example when you want to have specific ipfw rules for specific
>> installed services, and your ipfw config to be multiple files loaded in
>> some kind of order, but my google-fu is failing me.
>>
>> Failing that, I know FreeBSD has some rcorder, which might be usable for
>> this, but I don't know if it's extensible to a whole separate class of
>> things (or if trying to do that is overkill).
>>
>> Is this a problem someone else has had/solved before?
>>
>
> I've no idea if someone has already done this, but the final form of ipfw in
> the manual is
>
> ipfw [-cfnNqS] [-p preproc [preproc-flags]] pathname
>
> Using cpp as the preprocessor (or maybe m4 if you're a quote loving masochist
> :-) would let you use #include or the equivalent. That's not quite what
> you're asking, but a start. m4 with syscmd and (s)include would go further.

Assuming I numbered the rules files like old sys-v rcfiles, it could be as
simple as:

for i in `ls /etc/rc.ipfw.d | sort`
do
  cat /etc/rc.ipfw.d/$i >> $file
done
ipfw $file

Or even:

for i in `ls /etc/rc.ipfw.d | sort`
do
  ipfw /etc/rc.ipfw.d/$i
done

But I can't imagine, with the prevalence of puppet, cfengine and ansible and
other things these days, that someone hasn't come up with something prettier,
something that doesn't let rule 19 out of 20 crash the whole thing, and
perhaps something that lets you compare the built rules with the running
ruleset.

I'd love to see base gain such a thing, such that if you set
$firewall_type=a directory, rather than a file, this just happened.

-Dan

--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
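As an added example, not part of Dan's mail and not something FreeBSD's base provides, here is a POSIX sh loader that does what the message sketches: it walks a directory of per-service rule files in sorted order, hands each file to ipfw(8) separately (the `pathname` form from the manual), and syntax-checks each file with `ipfw -n` first so that one broken file is skipped instead of aborting the whole load. The directory name /etc/rc.ipfw.d comes from the mail; the `.rules` suffix, the `#` comment convention inside the files, the `IPFW` override variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Load ipfw rules from a directory of per-service files, in lexical order,
# without letting one broken file abort the rest of the load.
#
# Each file holds ipfw commands without the leading "ipfw", which is the
# format ipfw(8) reads when handed a pathname, e.g.:
#   add 1000 allow tcp from any to me 22 in
# The directory, the ".rules" suffix and the "#" comment convention are
# assumptions made for this example, not a FreeBSD convention.

IPFW_DIR="${IPFW_DIR:-/etc/rc.ipfw.d}"
IPFW="${IPFW:-/sbin/ipfw}"   # overridable so the loader can be exercised without a kernel

# Load every *.rules file in $1 (default $IPFW_DIR). The shell glob expands in
# sorted order, so 10-base.rules loads before 20-ssh.rules. A file that fails
# `ipfw -n` (syntax check only, nothing is sent to the kernel) is reported and
# skipped; so is a file whose actual load fails. Returns the number of skipped
# files, so 0 means everything went in.
load_ipfw_dir() {
    dir="${1:-$IPFW_DIR}"
    loaded=0
    skipped=0
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue          # no matches: the glob stays literal
        if ! "$IPFW" -n -q "$f"; then
            echo "ipfw: syntax error in $f, skipping" >&2
            skipped=$((skipped + 1))
            continue
        fi
        if ! "$IPFW" -q "$f"; then
            echo "ipfw: loading $f failed, continuing with the next file" >&2
            skipped=$((skipped + 1))
            continue
        fi
        loaded=$((loaded + 1))
    done
    echo "ipfw: loaded $loaded file(s), skipped $skipped" >&2
    return "$skipped"
}

# Print the rules the directory would load, in load order, with "#" comments,
# trailing whitespace and blank lines stripped. This is the "built" ruleset to
# keep beside the output of `ipfw list`; ipfw(8) prints rules in its own
# canonical form, so a textual diff against the running ruleset needs
# normalizing first and is only a sanity check.
ipfw_dir_preview() {
    dir="${1:-$IPFW_DIR}"
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        sed -e 's/#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' "$f"
    done
}

# Run as a script: `sh ipfw-dir.sh /etc/rc.ipfw.d`. With no argument (or when
# sourced) it only defines the functions above.
case "${1:-}" in
    "") ;;
    *)  load_ipfw_dir "$1" ;;
esac
```

Because each file is loaded on its own, a syntax error in 20-bad.rules no longer takes 30-ssh.rules down with it, which is the "rule 19 out of 20" failure the mail complains about; the exit status tells an rc script or configuration-management run how many files were left out. Note that `ipfw -n` only catches syntax errors, not a rule that loads fine and locks you out, so the usual flush-and-reload caveats still apply.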
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1502071007000.16762>
