Two pf questions

Ralf Mardorf ralf.mardorf at rocketmail.com
Tue Mar 28 18:32:01 UTC 2017


Hi,

while I won't add such an exit status loop as I mentioned in an earlier
reply, I still would be careful with file names in /tmp and also
consider making the commands of a "command chain" conditional on the
preceding commands.

Instead of

  cp /etc/pf/bruteforce /tmp/foobar.txt
  pfctl -t bruteforce -T show >> /tmp/foobar.txt
  sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce

I would use something similar to

  tmp_suffix="-$$-$(mcookie)"
  cp /etc/pf/bruteforce /tmp/bruteforce$tmp_suffix && \
  pfctl -t bruteforce -T show >> /tmp/bruteforce$tmp_suffix && \
  sort -u -n /tmp/bruteforce$tmp_suffix > /etc/pf/bruteforce

I wouldn't use $$ and $(mcookie) together, perhaps just $(mcookie) or $$
plus the date and time including seconds or something else unique, or
at least add "$(id -u)" to the PID. "-$$-$(mcookie)" is just an example,
as "foobar.txt" was just an example, too.

Regards,
Ralf
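An added example, not part of Ralf's post or the rest of the thread, showing the same merge written so that the two concerns above are handled by the tools rather than by a hand-built name: mktemp picks an unpredictable temporary name and creates it with mode 0600, each step runs only if the previous one succeeded, and the persistent file is replaced by a rename so a half-written file never takes its place. The `merge_table` function and the `fake_pfctl_show` stand-in in the demo are assumptions of this example; on a real host the call would be `merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show`.

```shell
#!/bin/sh
# Added example (not from the original post). Merge the live entries of a pf
# table into its persistent file without a predictable /tmp name and without
# clobbering the file when an earlier step fails.
set -eu

# merge_table FILE CMD [ARGS...]
#   FILE      persistent table file, e.g. /etc/pf/bruteforce
#   CMD ARGS  command printing the live entries, e.g. pfctl -t bruteforce -T show
# Returns non-zero and leaves FILE untouched if any step fails.
merge_table() {
    table_file=$1
    shift

    # mktemp chooses an unpredictable name and creates the file with mode 0600.
    # It is created next to the target, not in /tmp, so the final mv is a
    # rename inside one filesystem, which is atomic.
    tmp=$(mktemp -- "$(dirname -- "$table_file")/.tmp.XXXXXX") || return 1

    # Old entries first, then the live ones; if either command fails the
    # temporary file is removed and the persistent file is not replaced.
    if ! { cat -- "$table_file" && "$@"; } > "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # Plain sort -u, not sort -u -n: with -n, addresses sharing a leading
    # numeric prefix (10.0.0.1 and 10.0.0.2 both parse as 10.0) compare equal
    # and -u would drop one of them.  sort may write its output over its input.
    if ! sort -u -o "$tmp" -- "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # Atomic replacement.  The new file keeps mktemp's 0600 mode; loosen it
    # here if something other than root has to read the table file.
    mv -f -- "$tmp" "$table_file"
}

# Stand-in for "pfctl -t bruteforce -T show" used by the demo below
# (constructed output, an assumption of this example).
fake_pfctl_show() {
    printf '10.0.0.2\n192.0.2.9\n203.0.113.4\n'
}

# Self-contained demo on a throwaway directory; real use would be
#   merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show
demo_merge() {
    d=$(mktemp -d) || return 1
    printf '10.0.0.1\n192.0.2.9\n' > "$d/bruteforce"   # constructed sample
    merge_table "$d/bruteforce" fake_pfctl_show
    cat -- "$d/bruteforce"
    rm -rf -- "$d"
}

demo_merge
```

The `&&` chain from the post stops on the first failure but still leaves the partially written temporary file behind and, because `sort` writes straight into `/etc/pf/bruteforce`, an interrupted run can truncate the persistent table; here the only write to the persistent file is the final rename.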


More information about the freebsd-questions mailing list