Page MenuHomeFreeBSD
Differential D57679

rc.firewall: Support on-disk lists
ClosedPublic
Actions

Authored by des on Fri, Jun 19, 6:54 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jun 26, 1:20 PM
Unknown Object (File)
Thu, Jun 25, 10:19 PM
Unknown Object (File)
Thu, Jun 25, 11:20 AM
Unknown Object (File)
Wed, Jun 24, 1:57 PM
Unknown Object (File)
Wed, Jun 24, 1:33 AM
Unknown Object (File)
Wed, Jun 24, 12:22 AM
Unknown Object (File)
Tue, Jun 23, 1:06 AM
Unknown Object (File)
Mon, Jun 22, 1:29 PM
View All 10 Files
Subscribers
allanjude
imp
kevans

Details

Reviewers
allanjude
Group Reviewers
rc
Commits
rGa71abf38e2b4: rc.firewall: Support on-disk lists
Summary

For firewall_allowservices and firewall_trusted, if an element of the
list looks like an absolute path, read the file, skipping comments and
blank lines, and treat the first word on each line as an address or
subnet to be added to the list.

We should probably be using tables instead, but this is still an
improvement over the status quo ante.

MFC after: 1 week
Relnotes: yes

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 74254
Build 71137: arc lint + arc unit

Event Timeline

des created this revision.Fri, Jun 19, 6:54 PM
Herald added a subscriber: imp. · View Herald TranscriptFri, Jun 19, 6:54 PM
des requested review of this revision.Fri, Jun 19, 6:54 PM
Harbormaster completed remote builds in B74021: Diff 180089.Fri, Jun 19, 6:54 PM
des added a parent revision: D57678: rc.firewall: Use checkyesno for boolean variables.Fri, Jun 19, 6:54 PM
des added a reviewer: rc.Sat, Jun 20, 11:19 AM
allanjude added a subscriber: allanjude.Thu, Jun 25, 12:47 PM
allanjude added inline comments.
libexec/rc/rc.firewall
474

Should we require that files be absolute paths, so that there isn't the chance of "accidentally" loading a file that happens to have a name collision with an hostname or ip address?

kevans added a subscriber: kevans.Thu, Jun 25, 1:56 PM
des updated this revision to Diff 180628.Thu, Jun 25, 3:44 PM

check for absolute path

Harbormaster completed remote builds in B74254: Diff 180628.Thu, Jun 25, 3:44 PM
des edited the summary of this revision. (Show Details)Thu, Jun 25, 3:44 PM
des edited the summary of this revision. (Show Details)
des updated this revision to Diff 180629.Thu, Jun 25, 3:46 PM

;;

Harbormaster completed remote builds in B74255: Diff 180629.Thu, Jun 25, 3:46 PM
des updated this revision to Diff 180630.Thu, Jun 25, 3:47 PM

I forgot there were two lists...

Harbormaster completed remote builds in B74256: Diff 180630.Thu, Jun 25, 3:47 PM
des marked an inline comment as done.Thu, Jun 25, 3:48 PM
allanjude accepted this revision.Fri, Jun 26, 2:21 PM
This revision is now accepted and ready to land.Fri, Jun 26, 2:21 PM
Closed by commit rGa71abf38e2b4: rc.firewall: Support on-disk lists (authored by des). · Explain WhyFri, Jun 26, 2:40 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: rGa71abf38e2b4: rc.firewall: Support on-disk lists.

Revision Contents
Changeset List

PathSize
libexec/
rc/
11 lines
39 lines

Diff 180628

View Options

libexec/rc/rc.conf

Loading...
View Options

libexec/rc/rc.firewall

Loading...