
ipfw: Add option for firewall_type to be a directory

Open thegushi opened this issue 4 months ago • 10 comments

If specified, this will run rcorder over a directory. A small subset of examples is also provided for /usr/share/examples.

thegushi avatar Aug 28 '25 09:08 thegushi

IIRC this was discussed a bit at BSDCan with @allanjude.

cperciva avatar Aug 28 '25 19:08 cperciva

> IIRC this was discussed a bit at BSDCan with @allanjude.

Indeed it was. ScaleEngine happened to independently develop basically the exact same solution.

allanjude avatar Aug 28 '25 21:08 allanjude

@allanjude Can you take care of landing this (either Dan's version or the ScaleEngine one)? As release engineer I'm fine with this going into 15.0 since it won't change the behaviour for existing configurations.

cperciva avatar Aug 28 '25 21:08 cperciva

I put in a few files to go into the examples directory, but realistically the whole point of this is that users are going to drop their own in.

But because the stock firewall scripts have some good examples for things that you want to do, like bogon blocking and the rest of that, it felt like that was useful and also an example of what a good way to set up pseudo services is. Just like the regular rc.d system has pseudo services.

thegushi avatar Aug 28 '25 21:08 thegushi

And yes, the two examples I didn't mention, but did in my talk are: if you're using something like Puppet to deploy services, it means that one file can come in with the service then it needs, and also that now since you don't have a model at the firewall file, if a rule fails to load, it doesn't crash the entire stack.

thegushi avatar Aug 28 '25 21:08 thegushi

Thank you for taking the time to contribute to FreeBSD! There is an issue that needs to be fixed:

  • Missing Signed-off-by lines (44c664931854ea1e22f2b51db955b894a6b24acc)

Please review CONTRIBUTING.md, then update and push your branch again.

github-actions[bot] avatar Sep 11 '25 00:09 github-actions[bot]

I've added the manpage changes. I don't know how to "sign off" on where I synced the branch with upstream, or if I should remove that from the pull, somehow?

thegushi avatar Sep 11 '25 01:09 thegushi

At this point, with the suggested man changes, I believe this can be merged, please?

thegushi avatar Sep 29 '25 21:09 thegushi

Okay, I've used the GitHub web UI to accept those changes into my branch. I couldn't figure out how to view those suggestions with the gh command line, and I was confused about adding a signed-off-by line on those since those lines of code are your work, not mine. But either way, the corrected man pages should now be part of the source.

thegushi avatar Sep 29 '25 23:09 thegushi

Approved from manpages, cc @allanjude, @markjdb

concussious avatar Sep 30 '25 00:09 concussious