From owner-freebsd-bugs@FreeBSD.ORG Tue Nov 4 13:40:19 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEB6516A4D1 for ; Tue, 4 Nov 2003 13:40:19 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3AED243F85 for ; Tue, 4 Nov 2003 13:40:18 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id hA4LeIFY065381 for ; Tue, 4 Nov 2003 13:40:18 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id hA4LeIBS065380; Tue, 4 Nov 2003 13:40:18 -0800 (PST) (envelope-from gnats) Resent-Date: Tue, 4 Nov 2003 13:40:18 -0800 (PST) Resent-Message-Id: <200311042140.hA4LeIBS065380@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, David Wolfskill Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BC4716A4CE for ; Tue, 4 Nov 2003 13:32:22 -0800 (PST) Received: from mail.egation.com (frhemail.colo.egation.com [216.218.216.14]) by mx1.FreeBSD.org (Postfix) with SMTP id A041843FE9 for ; Tue, 4 Nov 2003 13:32:19 -0800 (PST) (envelope-from david@mail.egation.com) Received: (qmail 57871 invoked by uid 0); 4 Nov 2003 21:32:16 -0000 Received: from frecnocpc2.noc.egation.com (66.220.15.53) by frhemail.colo.egation.com with SMTP; 4 Nov 2003 21:32:16 -0000 Received: from frecnocpc2.noc.egation.com (localhost [127.0.0.1]) hA4LWG2V074507 for ; Tue, 4 Nov 2003 13:32:16 -0800 (PST) (envelope-from david@frecnocpc2.noc.egation.com) Received: (from david@localhost)hA4LWGdv074506; Tue, 4 Nov 2003 13:32:16 -0800 (PST) (envelope-from david) Message-Id: <200311042132.hA4LWGdv074506@frecnocpc2.noc.egation.com> Date: Tue, 4 Nov 2003 13:32:16 -0800 (PST) From: David Wolfskill To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/58939: dumb little hack for /etc/rc.firewall{,6} X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: David Wolfskill List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2003 21:40:19 -0000 >Number: 58939 >Category: bin >Synopsis: dumb little hack for /etc/rc.firewall{,6} >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Nov 04 13:40:17 PST 2003 >Closed-Date: >Last-Modified: >Originator: David Wolfskill >Release: FreeBSD 4.9-STABLE i386 >Organization: Egation Communications >Environment: System: FreeBSD frecnocpc2.noc.egation.com 4.9-STABLE FreeBSD 4.9-STABLE #11: Wed Oct 29 14:13:41 PST 2003 root@frecnocpc2.noc.egation.com:/common/S1/obj/usr/src/sys/REPO i386 Any FreeBSD box where someone wants to use or explore ipfw. >Description: Basic problem is that I sometimes make mistakes that are obvious in retrospect. :-} So I tend to hack the firewall script with which I start to add at "-t" flag, which prefixes each command with "echo". That way, when it's run with "-t", I can see what ipfw (or ip6fw) commands will be executed. Basically, I thought that this might be useful to others. And yeah, I got tired of hacking it in myself each time. :-} If all else fails, consider it a teaching aid. :-) >How-To-Repeat: N/A >Fix: Here you go. I haven't actually used the rc.firewall6, but after hacking it, I did verify that I could make it spit out commands (and that they even looked plausible). Oh -- sorry; I don't have immediate access to a powered-on -CURRENT box right now. The below ought to work just fine in -CURRENT, though. And my feelings won't be hurt if you use a different way to cause the "test" invocation. "-t" just seemed mnemonic to me. Season to taste; serve when done well. Index: rc.firewall =================================================================== RCS file: /cvs/freebsd/src/etc/rc.firewall,v retrieving revision 1.30.2.16 diff -u -r1.30.2.16 rc.firewall --- rc.firewall 10 Feb 2003 05:45:06 -0000 1.30.2.16 +++ rc.firewall 4 Nov 2003 21:09:05 -0000 @@ -40,6 +40,11 @@ fi fi +if [ "x$1" = "x-t" ]; then + firewall_test="YES" + shift +fi + ############ # Define the firewall type in /etc/rc.conf. Valid values are: # open - will allow anyone in @@ -99,6 +104,14 @@ ;; *) fwcmd="/sbin/ipfw" + ;; +esac + +case ${firewall_test} in +[Yy][Ee][Ss]) + fwcmd="echo ${fwcmd}" + ;; +*) ;; esac Index: rc.firewall6 =================================================================== RCS file: /cvs/freebsd/src/etc/rc.firewall6,v retrieving revision 1.1.2.11 diff -u -r1.1.2.11 rc.firewall6 --- rc.firewall6 10 Feb 2003 05:45:06 -0000 1.1.2.11 +++ rc.firewall6 4 Nov 2003 21:18:34 -0000 @@ -13,6 +13,11 @@ fi fi +if [ "x$1" = "x-t" ]; then + firewall_test="YES" + shift +fi + ############ # Define the firewall type in /etc/rc.conf. Valid values are: # open - will allow anyone in @@ -78,6 +83,14 @@ ;; *) fw6cmd="/sbin/ip6fw" + ;; +esac + +case ${firewall_test} in +[Yy][Ee][Ss]) + fw6cmd="echo ${fw6cmd}" + ;; +*) ;; esac >Release-Note: >Audit-Trail: >Unformatted: