Date: Mon, 29 Aug 2022 21:36:32 -0700
From: "Dan Mahoney (Ports)" <freebsd@gushi.org>
To: questions@freebsd.org
Subject: Firewall rules in a directory
Message-ID: <3FAB82EC-2C82-4201-AA47-B1AA92B89677@gushi.org>

All,

At the dayjob, we’ve taken to putting our ipfw rules into a directory using rcorder’able files. This way, each of our puppet manifests can drop its own rules into place without having to manage a monolithic file.

It’s a simple patch to rc.firewall, where if you set firewall_type to a file, it just runs it, but if it’s a directory, it would treat it as such:

    *)
        if [ -r "${firewall_type}" ]; then
            if [ -f "${firewall_type}" ]; then
                ${fwcmd} ${firewall_flags} ${firewall_type}
            else
                if [ -d "${firewall_type}" ]; then
                    for fwfile in `rcorder $firewall_type/*`
                    do
                        ipfw -q $fwfile;
                    done
                fi
            fi
        fi
        ;;

Is there a possibility of getting this into base?

-Dan
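
Added example (not part of the original message and not rc.firewall code): a stand-alone loader for the directory layout described above. Because every file in the directory is handed to ipfw as root, it refuses fragments that are symlinks, not owned by the invoking user, or writable by group or other. RCORDER, FWCMD, fragment_ok, load_fw_dir and make_sample are names assumed for this example, and the two rule fragments are constructed samples.

```sh
#!/bin/sh
# Added example. RCORDER and FWCMD are assumed override points so the loader
# can be dry-run (for instance FWCMD=echo) on a host without ipfw.
: "${RCORDER:=rcorder}"
: "${FWCMD:=ipfw -q}"

# make_sample DIR: write two constructed fragments; "ssh" must load after "base".
make_sample() {
    printf '# PROVIDE: ssh\n# REQUIRE: base\nadd 200 allow tcp from any to me 22\n' > "$1/app_ssh"
    printf '# PROVIDE: base\nadd 100 allow ip from any to any via lo0\n' > "$1/base"
    chmod 644 "$1/app_ssh" "$1/base"
}

# fragment_ok FILE: succeed only for a regular file (not a symlink) owned by
# the invoking user (root at boot) and not writable by group or other.
fragment_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$(id -u)" ! -perm -020 ! -perm -002 -print)" ]
}

# load_fw_dir DIR: hand each acceptable fragment to FWCMD in rcorder order.
# Returns 1 if rcorder fails, or if any fragment is refused or fails to load.
load_fw_dir() {
    dir=$1 rc=0
    set -- "$dir"/*
    [ -e "$1" ] || return 0            # empty directory: nothing to load
    order=$($RCORDER "$@") || return 1
    # rcorder prints one path per line; read line-wise so spaces survive.
    while IFS= read -r fwfile; do
        [ -n "$fwfile" ] || continue
        if fragment_ok "$fwfile"; then
            $FWCMD "$fwfile" || rc=1
        else
            echo "refusing $fwfile: bad type, owner or mode" >&2
            rc=1
        fi
    done <<EOF
$order
EOF
    return $rc
}
```

A non-zero return from load_fw_dir means the ruleset may be only partially loaded, so a caller should treat it as a failure rather than continue silently.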