On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote:
I had to set up a linux firewall the other day, and I used the iptables
script generating program shorewall.
While pulling my hair over how ugly the iptables stuff (even via shorewall)
is compared to OpenBSD's nice clean PF syntax, I did find one very nice
feature in shorewall - safe restart.

When safe restarting, shorewall will implement all rules in the iptables
config files, then give the user a prompt: keep rules y/n?

If 'yes' the rules are kept and everyone is happy. If 'no', iptables are
disabled and all traffic let in. If no answer then default to answer 'no'
after 60 seconds.
Very useful, even if just for the added peace of mind when applying new
changes.

Is there a ready made script accomplishing this for openbsd / pf?  Or any
plans of building such functionality?

Christian
I think I get what you're asking here... like switching monitor
resolutions and asking you to confirm that it worked by clicking a
button? If you can't see the button, you don't click it, and the old
resolution is reverted after 15 seconds. Right?

I've done this with pf. I used at(1) like anybody would. You can load
a new rule using pfctl -f /etc/pf.conf/new, with an at(1) job to load
/etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it
with /bin/sh.

Personally I'd hate to see this as an actual 'feature' anywhere. If
everything this trivial was implemented into pfctl I would stop
reading manuals top to bottom. You should look at the command prompt
like a live programming environment. I recommend reading "The UNIX
Programming Environment" by Brian W. Kernighan and Rob Pike.
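The at(1) approach from the reply written out as a script, with the "keep rules? y/n" prompt from the shorewall description. This is an added example, not code from either poster; it assumes /etc/pf.conf is the known-good ruleset, a candidate at the hypothetical path /etc/pf.conf.new, and pfctl(8), at(1) and atrm(1) on PATH.

```sh
#!/bin/sh
# Added example (not from the thread): "safe reload" for pf. The revert is
# queued with at(1) rather than left in the login shell, so it still fires
# if the new rules cut off the session that loaded them.
# Assumes pfctl(8), at(1), atrm(1) on PATH; /etc/pf.conf.new is hypothetical.

OLD_RULES=${OLD_RULES:-/etc/pf.conf}
GRACE_MIN=${GRACE_MIN:-1}    # at(1) granularity is one minute (the 60 s above)

# Parse-only check (pfctl -n) so a syntax error never reaches the kernel.
check_rules() {
    pfctl -n -f "$1" >/dev/null 2>&1
}

# Queue "reload the old rules" and print the at(1) job id; both OpenBSD
# and Linux at(1) report the queued job as "job <id> at <date>".
schedule_revert() {
    printf 'pfctl -f %s\n' "$OLD_RULES" | at "now + $1 minutes" 2>&1 \
        | awk '/^job / { print $2 }'
}

# Exit status: 0 = new rules kept, 1 = reverted to OLD_RULES, 2 = not loaded.
safe_reload() {
    new=$1
    check_rules "$new" || { echo "refusing $new: syntax error" >&2; return 2; }
    job=$(schedule_revert "$GRACE_MIN")
    [ -n "$job" ] || { echo "could not queue revert job" >&2; return 2; }
    pfctl -f "$new" || { atrm "$job" 2>/dev/null || true; return 2; }
    printf 'Loaded %s; revert in %s min. Keep rules? [y/N] ' "$new" "$GRACE_MIN"
    read answer
    case $answer in
        [Yy]*)
            # atrm fails if the job already ran: the old rules are back.
            if atrm "$job" 2>/dev/null; then echo "kept $new"; return 0; fi
            echo "too late, revert already fired"; return 1 ;;
        *)
            atrm "$job" 2>/dev/null || true
            pfctl -f "$OLD_RULES"; echo "reverted to $OLD_RULES"; return 1 ;;
    esac
}

# Only run when given a ruleset, e.g.: sh pf-safe-reload.sh /etc/pf.conf.new
if [ $# -gt 0 ]; then
    safe_reload "$1"
fi
```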
