[Bug 266137] rc.firewall: Make it so it supports a directory of rules as well as a monolithic file
Date: Wed, 31 Aug 2022 17:18:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266137
Bug ID: 266137
Summary: rc.firewall: Make it so it supports a directory of rules as well as a monolithic file
Product: Base System
Version: 12.3-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: conf
Assignee: bugs@FreeBSD.org
Reporter: freebsd@gushi.org
At the day job, we have taken to deploying our firewall rules as service
related, which means we have an /etc/ipfw.d directory that has all our rules in
it, which are run through rcorder. (This way, when we deploy a service with
puppet, we can drop in the corresponding rules as well). This would bring ipfw
into harmony with rc.d, syslog.d, newsyslog.d, etc.
This is a remarkably simple addition to the stock system:
@@ -550,8 +532,21 @@
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
;;
*)
- if [ -r "${firewall_type}" ]; then
- ${fwcmd} ${firewall_flags} ${firewall_type}
- fi
+ if [ -r "${firewall_type}" ]; then
+ if [ -f "${firewall_type}" ]; then
+ ${fwcmd} ${firewall_flags} ${firewall_type}
+ else
+ if [ -d "${firewall_type}" ]; then
+ for fwfile in `rcorder $firewall_type/*`
+ do
+ ipfw -q $fwfile;
+ done
+ fi
+ fi
+ fi
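Review bot: the directory branch runs `ipfw -q $fwfile` directly instead of going through `${fwcmd} ${firewall_flags}` as the file branch (and the rest of rc.firewall) does, so firewall_flags is silently ignored for per-file rule sets and the fwcmd abstraction is bypassed; suggest `${fwcmd} ${firewall_flags} "${fwfile}"` in the loop body. The glob `$firewall_type/*` and `$fwfile` are also unquoted, and when the directory is empty the unexpanded glob is handed to rcorder as a literal path, so quoting the variables and skipping the loop body when `[ -f "${fwfile}" ]` fails would make the new branch robust. The nested `if [ -f ]; else if [ -d ]` can be flattened to an `elif [ -d "${firewall_type}" ]`, and the trailing `;` after the ipfw command is unnecessary.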
Would there be interest in making this mainline? (I can formally patch against
-CURRENT if that's useful).