From owner-freebsd-questions@FreeBSD.ORG Mon Jan 3 18:59:52 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFFF616A4CF for ; Mon, 3 Jan 2005 18:59:52 +0000 (GMT) Received: from grog.secure-computing.net (grog.secure-computing.net [63.228.14.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 781C943D1D for ; Mon, 3 Jan 2005 18:59:50 +0000 (GMT) (envelope-from ecrist@secure-computing.net) Received: from [192.168.1.102] (c-66-41-157-209.mn.client2.attbi.com [66.41.157.209]) (authenticated bits=0)j03IxhD9026473; Mon, 3 Jan 2005 12:59:44 -0600 (CST) (envelope-from ecrist@secure-computing.net) In-Reply-To: <8B357427-5DB7-11D9-89A5-000D93AD26C8@tntluoma.com> References: <06DDB71C-5DB4-11D9-B56F-000D9333E43C@secure-computing.net> <8B357427-5DB7-11D9-89A5-000D93AD26C8@tntluoma.com> Mime-Version: 1.0 (Apple Message framework v619) Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-6--229955359" Message-Id: <9EC2E236-5DB9-11D9-B56F-000D9333E43C@secure-computing.net> Content-Transfer-Encoding: 7bit From: Eric F Crist Date: Mon, 3 Jan 2005 12:59:39 -0600 To: Timothy Luoma X-Pgp-Agent: GPGMail 1.0.2 X-Mailer: Apple Mail (2.619) X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on grog.secure-computing.net cc: FreeBSD-Questions Questions Subject: Re: my lame attempt at a shell script... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jan 2005 18:59:52 -0000 --Apple-Mail-6--229955359 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On Jan 3, 2005, at 12:44 PM, Timothy Luoma wrote: > > On Jan 3, 2005, at 1:19 PM, Eric F Crist wrote: > >> I'm trying to create a shell script for firewalling. What I'm hoping >> to do is create a generic script that looks for variables in >> /etc/rc.conf. I've tried looking at other scripts that use variables >> placed there, but don't understand how to pull the information from >> the file. > > Ah, now I may be a FreeBSD newbie, but I've been doing shell scripts > for a long time. > > What specifically are you trying to pull out of /etc/rc.conf? > > TjL > > ps - that said, why aren't you setting firewall configuration once and > leaving it alone? Well, I'm hoping to put some variables such as grog_firewall_enable, grog_firewall_iif, grog_firewall_oif, and possibly one or two more. These variables will change from one system to another, as this script will be installed on multiple systems. By setting these variables in rc.conf (or any other, separate file), I can change one copy of this script, propagate it throughout a set of servers, without having to customize each one for a particular server. In regards to your ps, I AM setting the config once, but this setup allows me to easily upgrade/improve my ruleset. Besides, I'm learning a lot writing this damn thing. ;) _______________________________________________________ Eric F Crist "I am so smart, S.M.R.T!" Secure Computing Networks -Homer J Simpson --Apple-Mail-6--229955359 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iEYEARECAAYFAkHZlhwACgkQRAAY9knOW+qLPgCgjcglANSfMG56uxcYKgcd5yvy PFgAnRn1E2xLBQjNcwdg0NCNH5AKT4tg =c55f -----END PGP SIGNATURE----- --Apple-Mail-6--229955359--