Date: Wed, 29 Mar 2017 13:09:02 +1030
From: Wayne Sierke <ws@au.dyndns.ws>
To: Ralf Mardorf <ralf.mardorf@rocketmail.com>, freebsd-questions@freebsd.org
Subject: Re: Two pf questions
Message-ID: <1490755142.1981.82.camel@au.dyndns.ws>
In-Reply-To: <20170328202936.74ed1741@archlinux.localdomain>
References: <CAPORhP4JA_Jak7fL8Ko7wwoxGob=qLDzPLxtTgekoumqQJEGmA@mail.gmail.com> <20170327170941.59c84eec@archlinux.localdomain> <20170327171959.405bbfbb@archlinux.localdomain> <CALfReyfFyj9Gh1Yy%2BzxWH1kAgq%2BkVAGPpjG92keGWAaoMLNSQg@mail.gmail.com> <20170328111655.121ede18@archlinux.localdomain> <20170328111959.400d4761@archlinux.localdomain> <20170328113501.2a5ebf60@archlinux.localdomain> <20170328114541.0ca0d084@archlinux.localdomain> <CAPORhP6BgEoFSbBX_t4h2DwWaG=10nr06isB80cHA3faRCR0Zg@mail.gmail.com> <20170328202936.74ed1741@archlinux.localdomain>

On Tue, 2017-03-28 at 20:29 +0200, Ralf Mardorf via freebsd-questions
wrote:
> Hi,
>
> While I won't add such an exit status loop as I mentioned in an earlier
> reply, I would still be careful with file names in /tmp and also
> consider making the commands of a "command chain" conditional on the
> preceding commands.
>
> Instead of
>
> cp /etc/pf/bruteforce /tmp/foobar.txt
> pfctl -t bruteforce -T show >> /tmp/foobar.txt
> sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
>
> I would use something similar to
>
> tmp_suffix="-$$-$(mcookie)"
> cp /etc/pf/bruteforce /tmp/bruteforce$tmp_suffix && \
> pfctl -t bruteforce -T show >> /tmp/bruteforce$tmp_suffix && \
> sort -u -n /tmp/bruteforce$tmp_suffix > /etc/pf/bruteforce
>
> I wouldn't use $$ and $(mcookie) together, perhaps just $(mcookie) or $$
> plus the date and time including seconds or something else unique or
> at least add "$(id -u)" to the PID. "-$$-$(mcookie)" is just an example,
> as "foobar.txt" was just an example, too.
>
> Regards,
> Ralf

Is there any reason that mktemp(1) is not adequate here, or not
desirable?

Perhaps this:

bf_temp=`mktemp -t bruteforce.`
cp /etc/pf/bruteforce ${bf_temp} ...

etc.
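
The mktemp(1) suggestion above, combined with the conditional command chain from the quoted message, as an added example that is not part of the original thread. The function name merge_table and its calling convention are assumptions; it uses an explicit template instead of -t so that it behaves the same with FreeBSD and GNU mktemp, and it stages the result beside the target so the old list is replaced only after every step has succeeded.

```sh
#!/bin/sh
# merge_table FILE CMD [ARGS...]
# Merge FILE with the lines printed by CMD and replace FILE only on success.
# Name and calling convention are assumptions of this example; CMD is passed
# in so the function can be tried without pf, e.g.:
#   merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show
merge_table() {
    table_file=$1
    shift

    # mktemp(1) creates the file itself, exclusively and with mode 0600,
    # under a name that cannot be guessed from the PID.
    merged=$(mktemp "${TMPDIR:-/tmp}/bruteforce.XXXXXXXX") || return 1

    # Second temporary file beside the target, so the final mv is a rename
    # within one filesystem and the old list survives any earlier failure.
    staged=$(mktemp "${table_file}.XXXXXXXX") || { rm -f "$merged"; return 1; }

    # Plain "sort -u": with -n, -u would treat lines whose leading number
    # compares equal (10.0.0.1 and 10.0.0.2) as duplicates.
    cat "$table_file" > "$merged" &&
    "$@" >> "$merged" &&
    LC_ALL=C sort -u "$merged" > "$staged" &&
    mv -f "$staged" "$table_file"
    rc=$?

    # Remove whatever is left, on success and on failure alike.
    rm -f "$merged" "$staged"
    return "$rc"
}
```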
