Date: Tue, 04 Jan 2005 09:56:14 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: Eric F Crist <ecrist@secure-computing.net> Cc: FreeBSD-Questions Questions <freebsd-questions@freebsd.org> Subject: Re: my lame attempt at a shell script... Message-ID: <41DA5A2E.6000609@locolomo.org> In-Reply-To: <691E6E58-5DD3-11D9-B56F-000D9333E43C@secure-computing.net> References: <06DDB71C-5DB4-11D9-B56F-000D9333E43C@secure-computing.net> <15416223037.20050103193803@hexren.net> <6074EB8D-5DC6-11D9-89A5-000D93AD26C8@tntluoma.com> <F0BE3E23-5DC8-11D9-B56F-000D9333E43C@secure-computing.net> <41D9BA53.4060105@locolomo.org> <691E6E58-5DD3-11D9-B56F-000D9333E43C@secure-computing.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric F Crist wrote: > Sorry for the double reply, but I forgot to respond to the top half of > this email. By including /etc/rc.subr, what exactly do I gain? There > are already built-in means to execute a custom firewall script: > > I would assume that the system would institute my firewall rules at the > correct stage of startup, and thus, don't really want to mess with > that. Please enlighten me as to rc.subr and it's benefits. I'm new to > shell scripting, and I need all the knowledge I can gain. Including rc.subr has become the standard way of creating scripts for startup of services, rc.diskless has been replaced by initdiskless in rc.d, there are scripts ipfw, ip6fw, ipfilter, and pf for the various firewall options, Currently, ipfw/ip6fw calls rc.firewall/rc.firewall6 respectively. I wouldn't count on rc.firewall to be available in future versions, it would make sense that these are merged into ipfw/ip6fw. rc.subr contains some neat functions, use warn, and your warning is also logged using logger, rc.subr automatically pulls defaults/rc.conf and rc.conf for you, contains the control switch statement you'd otherwise have to write your self, and lots of other goodies, see rc.subr(8). Of course, if you are just writing one script, you might find it too much trouble, but since this is the standard recommended way of doing what you want to do, you win in the long run on maintainablility. Really, what you gain is that you can focus on writing the stuff that makes your script different, rather than writing all the trivialities all scripts need. Cheers, Erik PS: Sorry about that wildshot, " = " for assignment/comparison - too much Perl, C etc. here... :-) -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41DA5A2E.6000609>