On 13:22:23 Dec 05, [EMAIL PROTECTED] wrote:

> A longer winded version (same idea - Perl ... and no prizes for my code)
>
> use warnings;
> use strict;
>
> # Get the rules
> my $pfctl_rules = `pfctl -s rules`;
>
> # Get the known services
> open(SERVICES, "<", "/etc/services") or die "Cannot open /etc/services: $!";
> my @services = <SERVICES>;
> close(SERVICES);
>
> # Pull out the TCP services (skip comment lines; a port can have up to 5 digits)
> my %services;
> foreach my $service (@services) {
>     next if $service =~ /^\s*#/;
>     if ($service =~ /^(\S+)\s+([0-9]{1,5})\/tcp/) {
>         my $service_name = $1;
>         my $service_port = $2;
>         $services{$service_name} = $service_port;
>     }
> }
>
> # Now go through the rules - if we find "port = name" (a non-numeric port),
> # translate it, otherwise just print the pfctl line "as is"
> foreach my $pfctl_rule (split /\n/, $pfctl_rules) {
>     if ($pfctl_rule =~ /^(.*?port = )(\D\S*)(.*)$/) {
>         my $look_up = "";
>         if (exists $services{$2}) {
>             $look_up = $services{$2};
>         }
>         print "$1$2($look_up)$3\n";
>     } else {
>         print "$pfctl_rule\n";
>     }
> }
>
> Sample (manually altered, obviously):
>
> # perl pfrules.pl
> block drop log all
> pass out quick on XXX1 inet proto tcp from (XXX1) to NNN.NNN.NNN.NNN port = ssh(22) flags S/SA keep state
> pass proto udp from any to any port = domain(53) keep state
> pass in log on XXX0 inet proto tcp from any to 127.0.0.1 port = 8021 flags S/SA keep state
> pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = www(80) flags S/SA keep state
> pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = https(443) flags S/SA keep state
If I had done this in my patch, probably it would have got accepted. ;) Even now it could be done of course. Just that I thought the "options" way. If there is enough coffee for me in the list, I would do it. ;)

-Girish
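The quoted Perl script only handles `port = name` and always looks names up in the TCP column of /etc/services, so a UDP rule such as `port = domain` is resolved through the TCP entry. The following is an added example, written for this page in Python rather than the poster's Perl and not part of the original thread, that generalizes the same idea: it keeps a per-protocol (name, proto) table including aliases, picks the protocol from the rule's `proto tcp`/`proto udp` clause, and annotates the other port operators pfctl can print. The /etc/services excerpt and the `pfctl -s rules` lines are constructed samples, not captured output, and the assumption that pfctl prints comparisons as `port <op> value`, exclusive/negated ranges as `lo >< hi` / `lo <> hi` and inclusive ranges as `lo:hi` is mine; check it against the output of your own pfctl before relying on it.

```python
import re
from typing import Dict, List, Tuple

ServiceMap = Dict[Tuple[str, str], int]   # (service name, "tcp"/"udp") -> port number

# Constructed stand-in for /etc/services (not the real file) so the example runs offline.
SAMPLE_SERVICES = """\
# Network services, Internet style (constructed sample)
ftp             21/tcp
ssh             22/tcp          # SSH Remote Login Protocol
domain          53/tcp
domain          53/udp
www             80/tcp          http            # WorldWideWeb HTTP
https           443/tcp
syslog          514/udp
"""

# Constructed sample of `pfctl -s rules` output (assumed format, not captured from a real host).
SAMPLE_RULES = """\
block drop log all
pass out quick on em0 inet proto tcp from (em0) to 192.0.2.10 port = ssh flags S/SA keep state
pass proto udp from any to any port = domain keep state
pass in log on em1 inet proto tcp from any to 127.0.0.1 port = 8021 flags S/SA keep state
pass in on em1 inet proto tcp from any to 192.0.2.10 port = www flags S/SA keep state
pass in on em1 inet proto tcp from any to 192.0.2.10 port ftp >< https flags S/SA keep state
pass in on em1 inet proto udp from any to 192.0.2.10 port != syslog
"""

# Port specifications as pfctl prints them (assumed): "port = ssh", "port > 1023",
# "port ftp >< https" (exclusive range), "port a <> b" (negated range), "port 1024:2048".
PORT_SPEC = re.compile(
    r"\bport (?:"
    r"(?P<op>=|!=|<=|>=|<|>) (?P<single>\S+)"
    r"|(?P<lo>\S+) (?P<rop>><|<>) (?P<hi>\S+)"
    r"|(?P<rlo>[^\s:]+):(?P<rhi>\S+)"
    r")"
)
PROTO_RE = re.compile(r"\bproto (tcp|udp)\b")


def parse_services(text: str) -> ServiceMap:
    """Parse /etc/services-style text into a (name, proto) -> port map.
    Comments are dropped, aliases after the port/proto column are registered too,
    and the first definition of a name wins, as getservbyname does."""
    services: ServiceMap = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port_str, proto = fields[1].split("/", 1)
        if not port_str.isdigit() or not 0 <= int(port_str) <= 65535:
            continue
        for name in [fields[0]] + fields[2:]:
            services.setdefault((name, proto), int(port_str))
    return services


def annotate(token: str, proto: str, services: ServiceMap) -> str:
    """Return 'name(port)' for a service name; a numeric port is returned unchanged."""
    if token.isdigit():
        return token
    # Try the rule's own protocol first, then fall back across protocols for rules
    # that name none (an assumption of this example, not pf's behaviour).
    for p in (proto, "tcp", "udp"):
        port = services.get((token, p))
        if port is not None:
            return f"{token}({port})"
    return f"{token}(?)"   # name not in the table: make the gap visible


def annotate_rule(rule: str, services: ServiceMap) -> str:
    """Rewrite every port specification in one pfctl rule line."""
    m = PROTO_RE.search(rule)
    proto = m.group(1) if m else "tcp"

    def repl(match) -> str:
        if match.group("op"):
            return f"port {match.group('op')} {annotate(match.group('single'), proto, services)}"
        if match.group("rop"):
            return (f"port {annotate(match.group('lo'), proto, services)} "
                    f"{match.group('rop')} {annotate(match.group('hi'), proto, services)}")
        return (f"port {annotate(match.group('rlo'), proto, services)}:"
                f"{annotate(match.group('rhi'), proto, services)}")

    return PORT_SPEC.sub(repl, rule)


def annotate_rules(rules_text: str, services: ServiceMap) -> List[str]:
    return [annotate_rule(line, services) for line in rules_text.splitlines()]


if __name__ == "__main__":
    # On a real host, replace the constructed samples with open("/etc/services").read()
    # and subprocess.run(["pfctl", "-s", "rules"], capture_output=True, text=True).stdout
    table = parse_services(SAMPLE_SERVICES)
    for line in annotate_rules(SAMPLE_RULES, table):
        print(line)
```

Numeric ports are left untouched, so a rule that pfctl already printed as `port = 8021` comes through unchanged, and a name that is missing from /etc/services is printed as `name(?)` rather than silently passed through, which is the case you most want to notice when auditing a ruleset copied between hosts with different services files.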