Two pf questions

Ian Smith smithi at nimnet.asn.au
Wed Mar 29 15:05:46 UTC 2017


In freebsd-questions Digest, Vol 669, Issue 4, Message: 4
On Wed, 29 Mar 2017 13:09:02 +1030 Wayne Sierke <ws at au.dyndns.ws> wrote:
 > On Tue, 2017-03-28 at 20:29 +0200, Ralf Mardorf via freebsd-questions
 > wrote:
 > > Hi,
 > > 
 > > while I won't add such an exit status loop as I mentioned in an earlier
 > > reply, I still would be careful with file names in /tmp and also
 > > consider making the commands of a "command chain" conditional on the
 > > preceding commands.

You can do the latter as long as you have clear indication of just which 
command went wrong, if one does.  Sometimes functionality beats elegance 
and David's script did its job; but on the point about tempfile naming:

 > > Instead of
 > > 
 > >   cp /etc/pf/bruteforce /tmp/foobar.txt
 > >   pfctl -t bruteforce -T show >> /tmp/foobar.txt
 > >   sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
 > > 
 > > I would use something similar to
 > > 
 > >   tmp_suffix="-$$-$(mcookie)"
 > >   cp /etc/pf/bruteforce /tmp/bruteforce$tmp_suffix && \
 > >   pfctl -t bruteforce -T show >> /tmp/bruteforce$tmp_suffix && \
 > >   sort -u -n /tmp/bruteforce$tmp_suffix > /etc/pf/bruteforce
 > > 
 > > I wouldn't use $$ and $(mcookie) together, perhaps just $(mcookie) or $$
 
[ Is mcookie(?) a Linux thing?  Or something newer than FreeBSD 9? ]

 > > plus the date and time including seconds or something else unique or
 > > at least add "$(id -u)" to the PID. "-$$-$(mcookie)" is just an example,
 > > as "foobar.txt" was just an example, too.

Adding datestamps or such to a tempfile that is to be deleted in a 
millisecond or so seems rather overkill when $$ is already unique.

 > > Regards,
 > > Ralf
 > 
 > Is there any reason that mktemp(1) is not adequate here, or not
 > desirable?

None at all.

 > Perhaps this:
 > 
 > bf_temp=`mktemp -t bruteforce.`
 > cp /etc/pf/bruteforce ${bf_temp} ...
 > etc.

Sure, or even just:

tempfile=/tmp/`basename $0`.$$

David's script really only needed one tempfile name, overwritten by his 
second stanza, and then deleted.  Even if there were two of this script 
running at the same time (an error in any case) they have unique PIDs. 

And non-deleted tempfiles can be useful signals or debugging aids :)

cheers, Ian
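Added example, not code from the thread or from David's script: the tempfile-and-merge step as a cron-ready shell function, with mktemp(1) instead of a predictable /tmp name, the && chaining Ralf suggested, and no half-written table or leftover file on failure. It assumes FreeBSD mktemp(1), sort(1) and pfctl(8); the dump command is passed in as a parameter so the function can be exercised without pf, and the table file is taken to be a plain one-address-per-line list.

```shell
#!/bin/sh
# Added example, not code from the thread: persist pf's <bruteforce> table
# with mktemp(1) instead of a predictable /tmp name, each step conditional
# on the previous one, and nothing left behind on failure.  Assumes FreeBSD
# mktemp(1), sort(1) and pfctl(8); the dump command is a parameter so the
# merge can be exercised without pf, and the table file is a plain list of
# one address per line.
set -u

# merge_table PERSIST_FILE DUMP_CMD [ARGS...]
#   Merges the addresses DUMP_CMD prints into PERSIST_FILE (sorted, unique)
#   and replaces the file atomically.  On any failure PERSIST_FILE is left
#   exactly as it was and both temp files are removed.
merge_table() {
    persist=$1; shift
    # Temp files live next to the target rather than in world-writable /tmp:
    # mktemp creates them O_EXCL with a random suffix, so neither a planted
    # symlink nor a second copy of the script can hijack the name, and the
    # final mv(1) is a same-filesystem rename, i.e. atomic.
    raw=$(mktemp "$persist.XXXXXX") || return 1
    new=$(mktemp "$persist.XXXXXX") || { rm -f "$raw"; return 1; }
    # Step 1: current persisted table (skipped, not failed, on the first run).
    # Step 2: live table; if pfctl fails the chain stops and nothing is written
    #         to the target, unlike "sort ... > /etc/pf/bruteforce", whose
    #         redirection truncates the target before sort even runs.
    # Step 3: pfctl indents each address, so take the first field, then plain
    #         sort -u.  Not sort -u -n: -n reads only "192.0" of "192.0.2.1"
    #         as the number, so -u would drop addresses that agree in their
    #         first two octets.
    if { [ ! -f "$persist" ] || cat "$persist" >> "$raw"; } &&
       "$@" >> "$raw" &&
       awk 'NF { print $1 }' "$raw" | sort -u > "$new" &&
       mv "$new" "$persist"
    then
        rm -f "$raw"
        return 0
    fi
    rm -f "$raw" "$new"
    return 1
}

# Real use (as root, e.g. from cron); the mktemp'd file is mode 0600, which
# suits a file only pfctl needs to read:
# merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show
```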

