Date: Wed, 31 Aug 2022 17:18:35 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 266137] rc.firewall: Make it so it supports a directory of rules as well as a monolithic file
Message-ID: <bug-266137-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266137

Bug ID: 266137
Summary: rc.firewall: Make it so it supports a directory of rules as well as a monolithic file
Product: Base System
Version: 12.3-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: conf
Assignee: bugs@FreeBSD.org
Reporter: freebsd@gushi.org

At the day job, we have taken to deploying our firewall rules as service related, which means we have an /etc/ipfw.d directory that has all our rules in it, which are run through rcorder. (This way, when we deploy a service with puppet, we can drop in the corresponding rules as well.)

This would bring ipfw into harmony with rc.d, syslog.d, newsyslog.d, etc.

This is a remarkably simple addition to the stock system:

@@ -550,8 +532,21 @@
 	[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
 		;;
 	*)
-		if [ -r "${firewall_type}" ]; then
-			${fwcmd} ${firewall_flags} ${firewall_type}
-		fi
+		if [ -r "${firewall_type}" ]; then
+			if [ -f "${firewall_type}" ]; then
+				${fwcmd} ${firewall_flags} ${firewall_type}
+			else
+				if [ -d "${firewall_type}" ]; then
+					for fwfile in `rcorder $firewall_type/*`
+					do
+						ipfw -q $fwfile;
+					done
+				fi
+			fi
+		fi

Would there be interest in making this mainline? (I can formally patch against -CURRENT if that's useful.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
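Review bot: the directory branch of the hunk runs `ipfw -q $fwfile` directly, while the file branch and the removed code both use `${fwcmd} ${firewall_flags} ${firewall_type}`, so in the new path the configured command and any firewall_flags set in rc.conf are silently dropped and quiet mode is forced; the loop body should be `${fwcmd} ${firewall_flags} $fwfile` so both paths load rules the same way. On the same hunk, `rcorder $firewall_type/*` and `$fwfile` are unquoted, so a directory path containing whitespace breaks the loop, and if the directory is empty the unmatched glob is handed to rcorder as a literal name; more importantly the bare `*` glob feeds every file in the directory to ipfw, including editor backups and partially written files left by a deployment tool, each of which lands in the live ruleset, so filtering on a name pattern (or skipping names with a trailing suffix such as `.orig` or `~`) is worth adding before this goes mainline. The `else` / `if [ -d "${firewall_type}" ]` nesting reads more simply as `elif [ -d "${firewall_type}" ]; then`, and the header (-550,8 +532,21) counts more lines than are visible here, so the trailing context of the hunk appears to have been cut off in the mail.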
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-266137-227>
