Date: Wed, 18 Sep 2002 23:59:30 +0200
From: Thomas Quinot
To: freebsd-current@freebsd.org
Subject: Code factoring in /etc/periodic/security firewall checks
Message-ID: <20020918235930.D58595@melusine.cuivre.fr.eu.org>
Reply-To: thomas@cuivre.fr.eu.org

Being a user of ipfilter, I always longed for it to benefit from the same treatment as ipfw in daily security checks, so I undertook the implementation of an ipf equivalent of 500.ipfwdenied. In the course of that, I noticed that much of that script was non-trivial *and* duplicated wrt 600.ip6fwdenied *and* would be duplicated in my own ipfdenied script.

Consequently, I would like to propose that most of the complexity of these scripts be factored out into a common file, which could then also be harnessed for ipfilter.

And since after moaning for a change I'd be expected to put my code where my mouth is, a patch against -CURRENT is available for your perusal and comments from:

http://www.cuivre.fr.eu.org/~thomas/periodic-fw.diff

Thomas.
-- 
Thomas.Quinot@Cuivre.FR.EU.ORG