From db97c662cfa859e88631f6956bf5a8456985cede Mon Sep 17 00:00:00 2001 From: "Daniel C. Sobral" Date: Wed, 6 Jun 2001 19:34:02 +0000 Subject: [PATCH] Use ${EDITOR} as claimed. Source rc.conf and use ${firewall_script} instead of rc.firewall. Textwidth formatting of comments and text. PR: Submitted by: Maxim (sorry if I got name/email/committer status wrong :) --- share/examples/ipfw/change_rules.sh | 67 ++++++++++++++++------------- 1 file changed, 38 insertions(+), 29 deletions(-) diff --git a/share/examples/ipfw/change_rules.sh b/share/examples/ipfw/change_rules.sh index 43bfaf8a4db..ee6f0c85914 100755 --- a/share/examples/ipfw/change_rules.sh +++ b/share/examples/ipfw/change_rules.sh @@ -28,27 +28,36 @@ # Change ipfw(8) rules with safety guarantees for remote operation # -# Invoke this script to edit rc.firewall. It will call ${EDITOR}, or -# vi(1) if the environment variable is not set, for you to edit rc.firewall, -# asks for confirmation and then run rc.firewall. You can then examine -# the output of ipfw list and confirm whether you want the new version or -# not. +# Invoke this script to edit ${firewall_script}. It will call ${EDITOR}, +# or vi(1) if the environment variable is not set, for you to edit +# ${firewall_script}, asks for confirmation and then run +# ${firewall_script}. You can then examine the output of ipfw list and +# confirm whether you want the new version or not. # -# If no answer is received in 30 seconds, the previous rc.firewall is -# run, restoring the old rules (this assumes ipfw flush is present in -# it). +# If no answer is received in 30 seconds, the previous +# ${firewall_script} is run, restoring the old rules (this assumes ipfw +# flush is present in it). # -# If the new rules are confirmed, they'll replace rc.firewall and the -# previous ones will be copied to rc.firewall.{date}. A mail will also -# be sent to root with the unified diffs of the rule change. +# If the new rules are confirmed, they'll replace ${firewall_script} and +# the previous ones will be copied to ${firewall_script}.{date}. A mail +# will also be sent to root with the unified diffs of the rule change. # -# Non-approved rules are kept in rc.firewall.new, and you are offered -# the option of changing them instead of the present rules when you -# call this script. +# Non-approved rules are kept in ${firewall_script}.new, and you are +# offered the option of changing them instead of the present rules when +# you call this script. # # It is suggested improving this script by using some version control # software. +if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + +EDITOR=${EDITOR:-/usr/bin/vi} + get_yes_no() { while true do @@ -69,46 +78,46 @@ get_yes_no() { } restore_rules() { - nohup sh /etc/rc.firewall >/dev/null 2>&1 + nohup sh ${firewall_script} >/dev/null 2>&1 exit } -if [ -f /etc/rc.firewall.new ]; then +if [ -f /etc/${firewall_script}.new ]; then get_yes_no "A new rules file already exists, do you want to use it" - [ $a = 'No' ] && cp /etc/rc.firewall /etc/rc.firewall.new + [ $a = 'No' ] && cp ${firewall_script} /etc/${firewall_script}.new else - cp /etc/rc.firewall /etc/rc.firewall.new + cp ${firewall_script} /etc/${firewall_script}.new fi trap restore_rules SIGHUP -vi /etc/rc.firewall.new +${EDITOR} /etc/${firewall_script}.new get_yes_no "Do you want to install the new rules" [ $a = 'No' ] && exit cat < /tmp/rc.firewall.out 2>&1; +nohup sh /etc/${firewall_script}.new > /tmp/${firewall_script}.out 2>&1; sleep 2; get_yes_no "Would you like to see the resulting new rules" -[ $a = 'Yes' ] && vi /tmp/rc.firewall.out +[ $a = 'Yes' ] && ${EDITOR} /tmp/${firewall_script}.out get_yes_no "Type y to keep the new rules" [ $a != 'Yes' ] && restore_rules DATE=`date "+%Y%m%d%H%M"` -cp /etc/rc.firewall /etc/rc.firewall.$DATE -mv /etc/rc.firewall.new /etc/rc.firewall +cp ${firewall_script} /etc/${firewall_script}.$DATE +mv /etc/${firewall_script}.new ${firewall_script} cat <