Author: hrs
Date: Thu Jul 23 19:53:49 2015
New Revision: 285821
URL: https://svnweb.freebsd.org/changeset/base/285821

Log:
  MFC r273201, r273301:
  
  Add support for a "/{udp,tcp,proto}" suffix in $firewall_myservices, which
  previously interpreted the listed items as port numbers of TCP services.
  
  A service with no suffix still works and is recognized as a TCP service for
  backward compatibility.  It should be updated with a /tcp suffix.
  
  Approved by:  re (gjb)

Modified:
  stable/10/etc/rc.firewall
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/rc.firewall
==============================================================================
--- stable/10/etc/rc.firewall   Thu Jul 23 19:52:03 2015        (r285820)
+++ stable/10/etc/rc.firewall   Thu Jul 23 19:53:49 2015        (r285821)
@@ -422,8 +422,8 @@ case ${firewall_type} in
 
 [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
        # Configuration:
-       #  firewall_myservices:         List of TCP ports on which this host
-       #                                offers services.
+       #  firewall_myservices:         List of ports/protocols on which this
+       #                                host offers services.
        #  firewall_allowservices:      List of IPv4 and/or IPv6 addresses
        #                                that have access to
        #                                $firewall_myservices.
@@ -487,7 +487,25 @@ case ${firewall_type} in
        #
        for i in ${firewall_allowservices} ; do
          for j in ${firewall_myservices} ; do
-           ${fwcmd} add pass tcp from $i to me $j
+           case $j in
+           [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo])
+             ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me
+           ;;
+           [0-9A-Za-z]*/[Tt][Cc][Pp])
+             ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]}
+           ;;
+           [0-9A-Za-z]*/[Uu][Dd][Pp])
+             ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]}
+           ;;
+           *[0-9A-Za-z])
+             echo "Consider using ${j}/tcp in firewall_myservices." \
+               > /dev/stderr
+             ${fwcmd} add pass tcp from $i to me $j
+           ;;
+           *)
+             echo "Invalid port in firewall_myservices: $j" > /dev/stderr
+           ;;
+           esac
          done
        done
 
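Review bot: An entry with an unrecognised suffix, for example a typo such as `80/tpc`, is not rejected by the new `case $j`: it ends in an alphanumeric character, so it lands in the `*[0-9A-Za-z])` legacy arm, prints the misleading hint "Consider using 80/tpc/tcp" and hands `80/tpc` to `${fwcmd}` as a TCP port. The rule add presumably fails, which leaves a missing pass rule rather than an over-broad one, but the entry should reach the "Invalid port" message instead; adding `*/*) echo "Invalid suffix in firewall_myservices: $j" > /dev/stderr ;;` ahead of the legacy arm would do that. Separately, the `/proto` arm emits a rule with no port at all, so a single entry admits a whole protocol from every address in `firewall_allowservices`, and the header comment for `firewall_myservices` should say so. The enclosing arm of `case ${firewall_type}` starts and ends outside this hunk.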