Subject: Re: admin script for ipfilter
To: Darren Reed <darrenr@NetBSD.org>
From: Geert Hendrickx <ghen@NetBSD.org>
List: tech-userlevel
Date: 12/27/2006 17:56:14
On Wed, Dec 27, 2006 at 02:33:53PM +0000, Darren Reed wrote:
> On Wed, Dec 27, 2006 at 11:16:50AM +0100, Geert Hendrickx wrote:
> > On Wed, Dec 27, 2006 at 12:04:47AM +0000, Darren Reed wrote:
> > > So...the attached script, "ipfadm", I'm curious for feedback on.
> > >=20
> > > The idea is to do "ipfadm enable ipfilter" or "ipfadm disable ipfilte=
r"
> > > and it updates the relevant rc.d config file for you.
> > >=20
> > > Ok, not catchy...
> > >=20
> > > What I hope is of more interest is doing "ipfadm ipfilter status",
> > > where it will tell you if it is enabled, disabled, enabled but no rul=
es,
> > > or disabled but rules loaded.
> > >=20
> > > Feedback welcome.
> >=20
> > Why not generalise this to "rc.dadmin enable/disable/status XXX" to tog=
gle
> > arbitrary startup scripts? You could still add ipfilter-specific hooks=
(as
> > well as for other rc.d scripts) for the "status" command.
>=20
> Well, it would be called "rcadmin", o=7Fnot "rc.dadmin" (puke).
Or even: /etc/rc.d/ipfilter enable?
We should make it so that "status" and "enable" don't need to be prefixed
with "one" if the rc.d script is not enabled.
Geert