From 9baef976499d8287837cc989fab55a308c2b8b60 Mon Sep 17 00:00:00 2001
From: sheldonh
Date: Sun, 30 Sep 2001 14:30:55 +0000
Subject: 1) Fix change_rules.sh for the case where firewall_type provides the name of a file containing ipfw rules. 2) Replace the use of a predictable temporary filename with one generated by mktemp(1). 3) Only exit with a zero exit status if the rules were updated. 4) Use a pager to view the new rules, not an editor. I was told by dcs that this script's original author is no longer interested in FreeBSD and would not wish to review this patch.
---
 share/examples/ipfw/change_rules.sh | 58 ++++++++++++++++++++++++++++---------
 1 file changed, 44 insertions(+), 14 deletions(-)
(limited to 'share/examples')
diff --git a/share/examples/ipfw/change_rules.sh b/share/examples/ipfw/change_rules.sh
index b607b36..a92fecb 100755
--- a/share/examples/ipfw/change_rules.sh
+++ b/share/examples/ipfw/change_rules.sh
@@ -57,6 +57,10 @@ elif [ -r /etc/rc.conf ]; then
 fi
 EDITOR=${EDITOR:-/usr/bin/vi}
+PAGER=${PAGER:-/usr/bin/more}
+
+tempfoo=`basename $0`
+TMPFILE=`mktemp -t ${tempfoo}` || exit 1
 get_yes_no() {
 while true
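Review bot: The file created by the new `TMPFILE=` line is removed only inside `restore_rules` (second hunk), so the `[ $a = 'No' ] && exit 1` path added there, and any other early exit, leaves it behind in the temp directory. Registering `trap 'rm -f "${TMPFILE}"' EXIT` directly after the `mktemp` line would cover those exit paths; whether the successful path removes the file cannot be seen from the lines shown. `$0` and `${tempfoo}` are also expanded unquoted, so a script path containing whitespace splits into several arguments; `basename "$0"` and `mktemp -t "${tempfoo}"` avoid that.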
@@ -78,24 +82,42 @@ get_yes_no() { } restore_rules() { - nohup sh ${firewall_script} >/dev/null 2>&1 - exit + nohup sh ${firewall_script} >/dev/null 2>&1 + rm ${TMPFILE} + exit 1 } -if [ -f ${firewall_script}.new ]; then +case "${firewall_type}" in +[Cc][Ll][Ii][Ee][Nn][Tt]|\ +[Cc][Ll][Oo][Ss][Ee][Dd]|\ +[Oo][Pp][Ee][Nn]|\ +[Ss][Ii][Mm][Pp][Ll][Ee]|\ +[Uu][Nn][Kk][Nn][Oo][Ww][Nn]) + edit_file="${firewall_script}" + rules_edit=no + ;; +*) + if [ -r "${firewall_type}" ]; then + edit_file="${firewall_type}" + rules_edit=yes + fi + ;; +esac + +if [ -f ${edit_file}.new ]; then get_yes_no "A new rules file already exists, do you want to use it" - [ $a = 'No' ] && cp ${firewall_script} ${firewall_script}.new + [ $a = 'No' ] && cp ${edit_file} ${edit_file}.new else - cp ${firewall_script} ${firewall_script}.new + cp ${edit_file} ${edit_file}.new fi trap restore_rules SIGHUP -${EDITOR} ${firewall_script}.new +${EDITOR} ${edit_file}.new get_yes_no "Do you want to install the new rules" -[ $a = 'No' ] && exit +[ $a = 'No' ] && exit 1 cat < /tmp/`basename ${firewall_script}`.out 2>&1; +if [ ${rules_edit} = yes ]; then + nohup sh ${firewall_script} ${firewall_type}.new \ + > ${TMPFILE} 2>&1 +else + nohup sh ${firewall_script}.new \ + > ${TMPFILE} 2>&1 +fi sleep 2; get_yes_no "Would you like to see the resulting new rules" -[ $a = 'Yes' ] && ${EDITOR} /tmp/`basename ${firewall_script}`.out +[ $a = 'Yes' ] && ${PAGER} ${TMPFILE} get_yes_no "Type y to keep the new rules" [ $a != 'Yes' ] && restore_rules DATE=`date "+%Y%m%d%H%M"` -cp ${firewall_script} ${firewall_script}.$DATE -mv ${firewall_script}.new ${firewall_script} +cp ${edit_file} ${edit_file}.$DATE +mv ${edit_file}.new ${edit_file} cat <
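Review bot: The `*)` arm of the new `case` assigns `edit_file` and `rules_edit` only when `${firewall_type}` is readable, so an unreadable or mistyped path leaves both unset and the script carries on: `[ -f ${edit_file}.new ]` then tests a file literally named `.new`, the `cp` calls lose their source argument, and the later `[ ${rules_edit} = yes ]` becomes a malformed test. Adding an `else` branch that reports the problem, removes the temp file and exits non-zero stops the run before any rules are touched. Because `edit_file` can now be an arbitrary path taken from the configuration, the `${edit_file}` and `${TMPFILE}` expansions in this hunk should also be double-quoted. The tail of the hunk (the here-document after `cat <`) is cut off in this rendering, so lines past that point are not covered by this note.

```shell
	if [ -r "${firewall_type}" ]; then
		# … unchanged: edit_file / rules_edit assignments …
	else
		echo "change_rules.sh: cannot read rules file '${firewall_type}'" >&2
		rm -f "${TMPFILE}"
		exit 1
	fi
```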