Page MenuHomeFreeBSD
Differential D57679

rc.firewall: Support on-disk lists
Needs ReviewPublic
Actions

Authored by des on Fri, Jun 19, 6:54 PM.
Tags
None
Referenced Files
F160584653: D57679.diff
Thu, Jun 25, 10:19 PM
F160537963: D57679.id180089.diff
Thu, Jun 25, 11:20 AM
Unknown Object (File)
Wed, Jun 24, 1:57 PM
Unknown Object (File)
Wed, Jun 24, 1:33 AM
Unknown Object (File)
Wed, Jun 24, 12:22 AM
Unknown Object (File)
Tue, Jun 23, 1:06 AM
Unknown Object (File)
Mon, Jun 22, 1:29 PM
Unknown Object (File)
Sun, Jun 21, 2:28 PM
View All 9 Files
Subscribers
allanjude
imp
kevans

Details

Reviewers
None
Group Reviewers
rc
Summary

For firewall_allowservices and firewall_trusted, if an element of the
list looks like an absolute path, read the file, skipping comments and
blank lines, and treat the first word on each line as an address or
subnet to be added to the list.

We should probably be using tables instead, but this is still an
improvement over the status quo ante.

MFC after: 1 week
Relnotes: yes

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 74021
Build 70904: arc lint + arc unit

Event Timeline

des created this revision.Fri, Jun 19, 6:54 PM
Herald added a subscriber: imp. · View Herald TranscriptFri, Jun 19, 6:54 PM
des requested review of this revision.Fri, Jun 19, 6:54 PM
Harbormaster completed remote builds in B74021: Diff 180089.Fri, Jun 19, 6:54 PM
des added a parent revision: D57678: rc.firewall: Use checkyesno for boolean variables.Fri, Jun 19, 6:54 PM
des added a reviewer: rc.Sat, Jun 20, 11:19 AM
allanjude added a subscriber: allanjude.Thu, Jun 25, 12:47 PM
allanjude added inline comments.
libexec/rc/rc.firewall
474

Should we require that files be absolute paths, so that there isn't the chance of "accidentally" loading a file that happens to have a name collision with an hostname or ip address?

kevans added a subscriber: kevans.Thu, Jun 25, 1:56 PM
des updated this revision to Diff 180628.Thu, Jun 25, 3:44 PM

check for absolute path

Harbormaster completed remote builds in B74254: Diff 180628.Thu, Jun 25, 3:44 PM
des edited the summary of this revision. (Show Details)Thu, Jun 25, 3:44 PM
des edited the summary of this revision. (Show Details)
des updated this revision to Diff 180629.Thu, Jun 25, 3:46 PM

;;

Harbormaster completed remote builds in B74255: Diff 180629.Thu, Jun 25, 3:46 PM
des updated this revision to Diff 180630.Thu, Jun 25, 3:47 PM

I forgot there were two lists...

Harbormaster completed remote builds in B74256: Diff 180630.Thu, Jun 25, 3:47 PM
des marked an inline comment as done.Thu, Jun 25, 3:48 PM

Revision Contents
Changeset List

PathSize
libexec/
rc/
11 lines
37 lines

Diff 180089

View Options

libexec/rc/rc.conf

Loading...
View Options

libexec/rc/rc.firewall

Loading...