On Jan 3, 2005, at 3:34 PM, Erik Norgaard wrote:
Eric F Crist wrote:
elif [ "$grog_firewall_enable" <> "YES" or "NO" ]
then
echo "Syntax error in /etc/rc.conf file. grog_firewall_enable must be YES or NO"
fi
I don't know if you're on 5.x, nor whether you use ipfw, ipfilter or pf - I wrote a replacement for ipfilter as I got dizzy trying to maintain a too long ruleset so I wanted to split it into multiple files.
On 5.x things get a lot simpler. In /etc/rc.d there are plenty of scripts to look at - don't look at rc.firewall.
The scripts in /etc/rc.d are executed as ordered by rcorder(8).
Create your script and load rc.subr:
. /etc/rc.subr
which gives you a lot of predefined handy functions. Set the "name" variable in the script, eg:
name="grog" # Name of my firewall script
it is customary to call the script the same. Follow by
load_rc_config=$name
most scripts then just includes the line
run_rc_command "$1"
- everything is defined by the functions in rc.subr. Now, you can set the commands to be run and define them in your script, see eg. ipfilter.
rc.subr also contains a "checkyesno" function answering your question above - however, it is normal to check "[Yy][Ee][Ss]" and treat everything else as a no. After all, what are you gonna do if you only accept "yes" or "no" but some one typed "yeah right"? You must have a default action.
Sorry for the double reply, but I forgot to respond to the top half of this email. By including /etc/rc.subr, what exactly do I gain? There are already built-in means to execute a custom firewall script:
firewall_enable
(bool) Set to ``YES'' to load firewall rules at startup. If
the kernel was not built with options IPFIREWALL, the ipfw.ko
kernel module will be loaded. See also ipfilter_enable.
ipv6_firewall_enable
(bool) The IPv6 equivalent of firewall_enable. Set to
``YES'' to load IPv6 firewall rules at startup. If the ker-
nel was not built with options IPV6FIREWALL, the ip6fw.ko
kernel module will be loaded.
firewall_script
(str) This variable specifies the full path to the firewall
script to run. The default is /etc/rc.firewall.
I would assume that the system would institute my firewall rules at the correct stage of startup, and thus, don't really want to mess with that. Please enlighten me as to rc.subr and it's benefits. I'm new to shell scripting, and I need all the knowledge I can gain.
Thanks. _______________________________________________________ Eric F Crist "I am so smart, S.M.R.T!" Secure Computing Networks -Homer J Simpson
PGP.sig
Description: This is a digitally signed message part
