|
Lines 30-36
|
| 30 |
# |
30 |
# |
| 31 |
# Invoke this script to edit ${firewall_script}. It will call ${EDITOR}, |
31 |
# Invoke this script to edit ${firewall_script}. It will call ${EDITOR}, |
| 32 |
# or vi(1) if the environment variable is not set, for you to edit |
32 |
# or vi(1) if the environment variable is not set, for you to edit |
| 33 |
# ${firewall_script}, asks for confirmation and then run |
33 |
# ${firewall_script}, ask for confirmation, and then run |
| 34 |
# ${firewall_script}. You can then examine the output of ipfw list and |
34 |
# ${firewall_script}. You can then examine the output of ipfw list and |
| 35 |
# confirm whether you want the new version or not. |
35 |
# confirm whether you want the new version or not. |
| 36 |
# |
36 |
# |
|
Lines 39-52
|
| 39 |
# flush is present in it). |
39 |
# flush is present in it). |
| 40 |
# |
40 |
# |
| 41 |
# If the new rules are confirmed, they'll replace ${firewall_script} and |
41 |
# If the new rules are confirmed, they'll replace ${firewall_script} and |
| 42 |
# the previous ones will be copied to ${firewall_script}.{date}. A mail |
42 |
# the previous ones will be copied to ${firewall_script}.{date}. Mail |
| 43 |
# will also be sent to root with the unified diffs of the rule change. |
43 |
# will also be sent to root with a unified diff of the rule change. |
| 44 |
# |
44 |
# |
| 45 |
# Non-approved rules are kept in ${firewall_script}.new, and you are |
45 |
# Unapproved rules are kept in ${firewall_script}.new, and you are |
| 46 |
# offered the option of changing them instead of the present rules when |
46 |
# offered the option of changing them instead of the present rules when |
| 47 |
# you call this script. |
47 |
# you call this script. |
| 48 |
# |
48 |
# |
| 49 |
# It is suggested improving this script by using some version control |
49 |
# This script could be improved by using version control |
| 50 |
# software. |
50 |
# software. |
| 51 |
|
51 |
|
| 52 |
if [ -r /etc/defaults/rc.conf ]; then |
52 |
if [ -r /etc/defaults/rc.conf ]; then |
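Review bot: The backup name on new line 42 is still written with the `.{date}` placeholder, while the code at line 144 and the message at line 148 both use the suffix `.$DATE`. Since this patch is already tidying the header comment, make the comment use the same form, or say "with the date appended", so an admin looking for the saved rules after a bad change knows what name to expect.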
|
Lines 121-128
|
| 121 |
|
121 |
|
| 122 |
cat <<! |
122 |
cat <<! |
| 123 |
The rules will be changed now. If the message 'Type y to keep the new |
123 |
The rules will be changed now. If the message 'Type y to keep the new |
| 124 |
rules' do not appear on the screen or the y key is not pressed in 30 |
124 |
rules' does not appear on the screen or the y key is not pressed in 30 |
| 125 |
seconds, the former rules will be restored. |
125 |
seconds, the current rules will be restored. |
| 126 |
The TCP/IP connections might be broken during the change. If so, restore |
126 |
The TCP/IP connections might be broken during the change. If so, restore |
| 127 |
the ssh/telnet connection being used. |
127 |
the ssh/telnet connection being used. |
| 128 |
! |
128 |
! |
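Review bot: On new line 125, "the current rules will be restored" is ambiguous, because by the time the 30 second timeout expires the new rules are the ones loaded and a reader can take "current" to mean those. Line 147 calls the same rules "the previous rules"; use that wording here too, or "the rules in effect before the change". This message is what someone on a remote ssh session relies on when the change cuts them off, so it should not be open to two readings.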
|
Lines 144-150
|
| 144 |
cp ${edit_file} ${edit_file}.$DATE |
144 |
cp ${edit_file} ${edit_file}.$DATE |
| 145 |
mv ${edit_file}.new ${edit_file} |
145 |
mv ${edit_file}.new ${edit_file} |
| 146 |
cat <<! |
146 |
cat <<! |
| 147 |
The new rules are now default. The previous rules have been preserved in |
147 |
The new rules are now installed. The previous rules have been preserved in |
| 148 |
the file ${edit_file}.$DATE |
148 |
the file ${edit_file}.$DATE |
| 149 |
! |
149 |
! |
| 150 |
diff -F "^# .*[A-Za-z]" -u ${edit_file}.$DATE ${edit_file} \ |
150 |
diff -F "^# .*[A-Za-z]" -u ${edit_file}.$DATE ${edit_file} \ |
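Review bot: The message changed at line 147 states that the previous rules have been preserved, but the `cp` at line 144 is not checked before the `mv` at line 145 overwrites `${edit_file}`. If the copy fails (full filesystem, read-only directory) the old rules are lost and the message is still printed, unless the script runs under `set -e`, which these lines do not show. Consider chaining the two as `cp ... && mv ...` and printing the message only on success. The expansions of `${edit_file}` and `$DATE` on lines 144, 145 and 150 are also unquoted and would be safer in double quotes.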