From: Vulpes Velox
Date: Sat, 18 Feb 2006 20:21:29 -0600
Cc: freebsd-current@freebsd.org
Subject: Re: Changes to IPFW start up scripts. [updated]
Message-ID: <20060218202129.60ce8f9c@vixen42.vulpes>
In-Reply-To: <20060218170647.497340e7@vixen42.vulpes>
List-Id: Discussions about the use of FreeBSD-current

On Sat, 18 Feb 2006 17:06:47 -0600
Vulpes Velox wrote:

> This adds in the ability to run /etc/rc.d/ipfw save
> or /etc/rc.d/ip6fw save. This saves it to /etc/rc.firewall.save
> or /etc/rc.firewall6.save. By setting the firewall type to LAST,
> the last save will be used.

I have updated them to save to /var/db/ipfw/ as suggested by Sean Chittenden.
I also fixed the problem with the loopback stuff getting added more than once. It will now accept names for the files. ipfw start dog will use /var/db/ipfw/dog. This applies to save as well. --MP_v7rffujN8zALWD2cuj8YW0= Content-Type: text/x-patch; name=rc.d_ip6fw.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.d_ip6fw.patch 17a18,27 > extra_commands="save" > save_cmd="ipfw_save" > > # Gets the name of the save to use. > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a42,48 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename.6 > } > 33a51,58 > # Make sure the save file exists if one is specified. > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename.6" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 42c67 < . "${ipv6_firewall_script}" --- > . "${ipv6_firewall_script}" $savename --MP_v7rffujN8zALWD2cuj8YW0= Content-Type: text/x-patch; name=rc.d_ipfw.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=rc.d_ipfw.patch 18a19,29 > extra_commands="save" > save_cmd="ipfw_save" > > > #gets the name of the save to use > if [ ! -z $2 ]; then > savename="$2" > usingsave="yes" > else > savename="last" > fi 31a43,49 > ipfw_save() > { > # Saves the firewall rules to /var/db/ipfw/$savename > [ ! -d /var/db/ipfw ] && mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw > ipfw list | awk '{print "${fwcmd} add " $0 }' > /var/db/ipfw/$savename > } > 33a52,59 > # Make sure the save file exists if one is specified > if [ ! -z $usingsave ]; then > if [ ! -f "/var/db/ipfw/$savename" ]; then > echo "Specified save does not exist" > exit 1 > fi > fi > 38c64 < . "${firewall_script}" --- > . 
"${firewall_script}" $savename --MP_v7rffujN8zALWD2cuj8YW0= Content-Type: application/octet-stream; name=rc.firewall Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=rc.firewall --MP_v7rffujN8zALWD2cuj8YW0= Content-Type: application/octet-stream; name=rc.firewall6 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=rc.firewall6 --MP_v7rffujN8zALWD2cuj8YW0=--
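
Review bot: The save name taken from `$2` in the first hunk of each patch (17a18,27 in rc.d_ip6fw.patch, 18a19,29 in rc.d_ipfw.patch) is never validated before it is used to build `/var/db/ipfw/$savename`. Since the rc script normally runs as root, a name containing `/` or `..` makes the later `> /var/db/ipfw/$savename` redirect write outside /var/db/ipfw. Reject anything that is not a plain file name before assigning it, for example by matching `$2` against `*/*` and a leading `.` in a `case` and bailing out. The test should also be quoted, as in `[ -n "$2" ]`, so that a name with spaces or glob characters cannot break `[`.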
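
Review bot: The ipfw_save hunk in rc.d_ip6fw.patch (31a42,48) looks copied unchanged from the IPv4 script: it runs `ipfw list` and writes `${fwcmd} add`, so the `.6` file would hold the IPv4 ruleset. Please check whether this should list the IPv6 rules and emit whichever command variable the IPv6 rules script defines. In both patches, `mkdir /var/db/ipfw && chmod go-rwx /var/db/ipfw` leaves a short window in which the directory exists with default permissions; `mkdir -m 700 /var/db/ipfw` closes it. The redirect target should be quoted. The redirect also truncates the previous save before `ipfw list` has succeeded, so a failed listing destroys the last good ruleset; writing to a temporary file in the same directory and renaming it on success avoids that.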
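
Review bot: The existence check (33a51,58 in rc.d_ip6fw.patch, 33a52,59 in rc.d_ipfw.patch) only runs when a name was given on the command line, because it is gated on `$usingsave`. With the default `savename="last"`, a missing /var/db/ipfw/last is not caught here and only surfaces when the rules script tries to read it. Test for the file whenever the saved ruleset is what will be loaded, not only when `$2` was supplied. As written the check also fires for any command that carries a second argument, which would include `save` with a new name if these lines are reached on that path; please confirm where they sit. The failure should go through rc.subr's `err 1 "..."` (or at least to stderr) rather than `echo` plus `exit 1`, and `$usingsave` should be quoted in the test.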
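
Review bot: The changed lines `. "${ipv6_firewall_script}" $savename` (42c67) and `. "${firewall_script}" $savename` (38c64) pass an argument to `.`, which POSIX does not define, so whether the sourced script sees the name as `$1` depends on the shell. Because `.` runs the file in the current shell, `savename` is already visible to it as a variable; reading `$savename` directly in the rules script and dropping the argument would be more robust. If the argument stays, quote it as `"$savename"`, and document the new `save` command and the optional name argument in the script header or the man page.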