From david@mail.egation.com  Tue Nov  4 13:32:22 2003
Return-Path: <david@mail.egation.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7BC4716A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  4 Nov 2003 13:32:22 -0800 (PST)
Received: from mail.egation.com (frhemail.colo.egation.com [216.218.216.14])
	by mx1.FreeBSD.org (Postfix) with SMTP id A041843FE9
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  4 Nov 2003 13:32:19 -0800 (PST)
	(envelope-from david@mail.egation.com)
Received: (qmail 57871 invoked by uid 0); 4 Nov 2003 21:32:16 -0000
Received: from frecnocpc2.noc.egation.com (66.220.15.53)
  by frhemail.colo.egation.com with SMTP; 4 Nov 2003 21:32:16 -0000
Received: from frecnocpc2.noc.egation.com (localhost [127.0.0.1])
	by frecnocpc2.noc.egation.com (8.12.9p2/8.12.9) with ESMTP id hA4LWG2V074507
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 4 Nov 2003 13:32:16 -0800 (PST)
	(envelope-from david@frecnocpc2.noc.egation.com)
Received: (from david@localhost)
	by frecnocpc2.noc.egation.com (8.12.9p2/8.12.9/Submit) id hA4LWGdv074506;
	Tue, 4 Nov 2003 13:32:16 -0800 (PST)
	(envelope-from david)
Message-Id: <200311042132.hA4LWGdv074506@frecnocpc2.noc.egation.com>
Date: Tue, 4 Nov 2003 13:32:16 -0800 (PST)
From: David Wolfskill <david@mail.egation.com>
Reply-To: David Wolfskill <david@mail.egation.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: dumb little hack for /etc/rc.firewall{,6}
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         58939
>Category:       conf
>Synopsis:       [patch] dumb little hack for /etc/rc.firewall{,6}
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-rc
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 04 13:40:17 PST 2003
>Closed-Date:    
>Last-Modified:  Sat Oct 27 16:30:47 UTC 2012
>Originator:     David Wolfskill
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
Egation Communications
>Environment:
System: FreeBSD frecnocpc2.noc.egation.com 4.9-STABLE FreeBSD 4.9-STABLE #11: Wed Oct 29 14:13:41 PST 2003 root@frecnocpc2.noc.egation.com:/common/S1/obj/usr/src/sys/REPO i386


	Any FreeBSD box where someone wants to use or explore ipfw.
>Description:
	Basic problem is that I sometimes make mistakes that are obvious
	in retrospect.  :-}  So I tend to hack the firewall script with
	which I start to add at "-t" flag, which prefixes each command
	with "echo".  That way, when it's run with "-t", I can see
	what ipfw (or ip6fw) commands will be executed.

	Basically, I thought that this might be useful to others.  And
	yeah, I got tired of hacking it in myself each time.  :-}

	If all else fails, consider it a teaching aid.  :-)
>How-To-Repeat:
	N/A
>Fix:
	Here you go.  I haven't actually used the rc.firewall6, but
	after hacking it, I did verify that I could make it spit
	out commands (and that they even looked plausible).

	Oh -- sorry; I don't have immediate access to a powered-on
	-CURRENT box right now.  The below ought to work just fine in
	-CURRENT, though.

	And my feelings won't be hurt if you use a different way to
	cause the "test" invocation.  "-t" just seemed mnemonic to me.
	Season to taste; serve when done well.

Index: rc.firewall
===================================================================
RCS file: /cvs/freebsd/src/etc/rc.firewall,v
retrieving revision 1.30.2.16
diff -u -r1.30.2.16 rc.firewall
--- rc.firewall	10 Feb 2003 05:45:06 -0000	1.30.2.16
+++ rc.firewall	4 Nov 2003 21:09:05 -0000
@@ -40,6 +40,11 @@
 	fi
 fi
 
+if [ "x$1" = "x-t" ]; then
+	firewall_test="YES"
+	shift
+fi
+
 ############
 # Define the firewall type in /etc/rc.conf.  Valid values are:
 #   open     - will allow anyone in
@@ -99,6 +104,14 @@
 	;;
 *)
 	fwcmd="/sbin/ipfw"
+	;;
+esac
+
+case ${firewall_test} in
+[Yy][Ee][Ss])
+	fwcmd="echo ${fwcmd}"
+	;;
+*)
 	;;
 esac
 
Index: rc.firewall6
===================================================================
RCS file: /cvs/freebsd/src/etc/rc.firewall6,v
retrieving revision 1.1.2.11
diff -u -r1.1.2.11 rc.firewall6
--- rc.firewall6	10 Feb 2003 05:45:06 -0000	1.1.2.11
+++ rc.firewall6	4 Nov 2003 21:18:34 -0000
@@ -13,6 +13,11 @@
 	fi
 fi
 
+if [ "x$1" = "x-t" ]; then
+	firewall_test="YES"
+	shift
+fi
+
 ############
 # Define the firewall type in /etc/rc.conf.  Valid values are:
 #   open     - will allow anyone in
@@ -78,6 +83,14 @@
 	;;
 *)
 	fw6cmd="/sbin/ip6fw"
+	;;
+esac
+
+case ${firewall_test} in
+[Yy][Ee][Ss])
+	fw6cmd="echo ${fw6cmd}"
+	;;
+*)
 	;;
 esac
 
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Jun 29 00:31:00 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=58939 
State-Changed-From-To: open->analyzed 
State-Changed-By: crees 
State-Changed-When: Sat Oct 27 16:26:22 UTC 2012 
State-Changed-Why:  
I think that this could be useful.  Instead though I've made it just 
depend on the value of $firewall_test; for example that could go into 
rc.conf.  Would you still like to see this go in? 

http://www.bayofrum.net/~crees/patches/58939.diff

http://www.freebsd.org/cgi/query-pr.cgi?pr=58939 
>Unformatted:
