authorsheldonh <sheldonh@FreeBSD.org>2001-09-30 14:30:55 +0000
committersheldonh <sheldonh@FreeBSD.org>2001-09-30 14:30:55 +0000
commit9baef976499d8287837cc989fab55a308c2b8b60 (patch)
tree3a48920f3d416e724d24279395ae80ce484ac725 /share
parente0692fbb199c113f979d93b699c9a39e8b03c37e (diff)
downloadFreeBSD-src-9baef976499d8287837cc989fab55a308c2b8b60.zip
FreeBSD-src-9baef976499d8287837cc989fab55a308c2b8b60.tar.gz
1) Fix change_rules.sh for the case where firewall_type provides the
name of a file containing ipfw rules. 2) Replace the use of a predictable temporary filename with one generated by mktemp(1). 3) Only exit with a zero exit status if the rules were updated. 4) Use a pager to view the new rules, not an editor. I was told by dcs that this script's original author is no longer interested in FreeBSD and would not wish to review this patch.
Diffstat (limited to 'share')
-rwxr-xr-xshare/examples/ipfw/change_rules.sh58
1 files changed, 44 insertions, 14 deletions
diff --git a/share/examples/ipfw/change_rules.sh b/share/examples/ipfw/change_rules.sh
index b607b36..a92fecb 100755
--- a/share/examples/ipfw/change_rules.sh
+++ b/share/examples/ipfw/change_rules.sh
@@ -57,6 +57,10 @@ elif [ -r /etc/rc.conf ]; then
fi
EDITOR=${EDITOR:-/usr/bin/vi}
+PAGER=${PAGER:-/usr/bin/more}
+
+tempfoo=`basename $0`
+TMPFILE=`mktemp -t ${tempfoo}` || exit 1
get_yes_no() {
while true
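Review bot: The file created by `mktemp` is removed only in `restore_rules` and at the very end of the script, so the early `[ $a = 'No' ] && exit 1` after the install prompt leaves it behind in the temporary directory. Registering the cleanup once, right after the file is created, covers every exit path: `trap 'rm -f "${TMPFILE}"' EXIT`. The expansions on the two added lines are also unquoted, so a script path containing whitespace would break them; `tempfoo=$(basename "$0")` and `mktemp -t "${tempfoo}"` avoid that. The body of `get_yes_no` continues outside this hunk.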
@@ -78,24 +82,42 @@ get_yes_no() {
}
restore_rules() {
- nohup sh ${firewall_script} >/dev/null 2>&1
- exit
+ nohup sh ${firewall_script} >/dev/null 2>&1
+ rm ${TMPFILE}
+ exit 1
}
-if [ -f ${firewall_script}.new ]; then
+case "${firewall_type}" in
+[Cc][Ll][Ii][Ee][Nn][Tt]|\
+[Cc][Ll][Oo][Ss][Ee][Dd]|\
+[Oo][Pp][Ee][Nn]|\
+[Ss][Ii][Mm][Pp][Ll][Ee]|\
+[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
+ edit_file="${firewall_script}"
+ rules_edit=no
+ ;;
+*)
+ if [ -r "${firewall_type}" ]; then
+ edit_file="${firewall_type}"
+ rules_edit=yes
+ fi
+ ;;
+esac
+
+if [ -f ${edit_file}.new ]; then
get_yes_no "A new rules file already exists, do you want to use it"
- [ $a = 'No' ] && cp ${firewall_script} ${firewall_script}.new
+ [ $a = 'No' ] && cp ${edit_file} ${edit_file}.new
else
- cp ${firewall_script} ${firewall_script}.new
+ cp ${edit_file} ${edit_file}.new
fi
trap restore_rules SIGHUP
-${EDITOR} ${firewall_script}.new
+${EDITOR} ${edit_file}.new
get_yes_no "Do you want to install the new rules"
-[ $a = 'No' ] && exit
+[ $a = 'No' ] && exit 1
cat <<!
The rules will be changed now. If the message 'Type y to keep the new
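Review bot: The `*)` arm of the new `case` has no fallback when `firewall_type` is not a readable file, so `edit_file` and `rules_edit` stay unset. The script then goes on to test and copy a file named `.new`, and the later `[ ${rules_edit} = yes ]` becomes a malformed test that falls through to the `else` branch. On a host administered remotely, a failed rule load is better stopped before the editor is opened, for example by adding `else echo "cannot read ${firewall_type}" >&2; rm -f "${TMPFILE}"; exit 1` to the inner `if`. Quoting `"${edit_file}"` and `"${edit_file}.new"` in the `[ -f … ]` and `cp` lines would also keep a rules path with spaces from being split.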
@@ -105,19 +127,27 @@ The TCP/IP connections might be broken during the change. If so, restore
the ssh/telnet connection being used.
!
-nohup sh ${firewall_script}.new > /tmp/`basename ${firewall_script}`.out 2>&1;
+if [ ${rules_edit} = yes ]; then
+ nohup sh ${firewall_script} ${firewall_type}.new \
+ > ${TMPFILE} 2>&1
+else
+ nohup sh ${firewall_script}.new \
+ > ${TMPFILE} 2>&1
+fi
sleep 2;
get_yes_no "Would you like to see the resulting new rules"
-[ $a = 'Yes' ] && ${EDITOR} /tmp/`basename ${firewall_script}`.out
+[ $a = 'Yes' ] && ${PAGER} ${TMPFILE}
get_yes_no "Type y to keep the new rules"
[ $a != 'Yes' ] && restore_rules
DATE=`date "+%Y%m%d%H%M"`
-cp ${firewall_script} ${firewall_script}.$DATE
-mv ${firewall_script}.new ${firewall_script}
+cp ${edit_file} ${edit_file}.$DATE
+mv ${edit_file}.new ${edit_file}
cat <<!
The new rules are now default. The previous rules have been preserved in
-the file ${firewall_script}.$DATE
+the file ${edit_file}.$DATE
!
-diff -F "^# .*[A-Za-z]" -u ${firewall_script}.$DATE ${firewall_script} | mail -s "`hostname` Firewall rule change" root
-
+diff -F "^# .*[A-Za-z]" -u ${edit_file}.$DATE ${edit_file} \
+ | mail -s "`hostname` Firewall rule change" root
+rm ${TMPFILE}
+exit 0
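Review bot: The final `exit 0` is reached even when the backup `cp` or the `mv` fails, which contradicts the commit's stated goal of returning zero only if the rules were updated. A failed `cp` followed by a successful `mv` also discards the previous rules file with no copy kept. Chaining the two steps makes the status meaningful: `cp "${edit_file}" "${edit_file}.$DATE" && mv "${edit_file}.new" "${edit_file}" || { rm -f "${TMPFILE}"; exit 1; }`. The status of the `nohup sh …` run that loads the new rules is likewise not checked before the operator is asked to keep them, so a partial load can only be noticed by reading the pager output.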