On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote:
>
> I had to set up a Linux firewall the other day, and I used the iptables
> script generating program shorewall.
> While pulling my hair over how ugly the iptables stuff (even via shorewall)
> is compared to OpenBSD's nice clean PF syntax, I did find one very nice
> feature in shorewall - safe restart.
>
> When safe restarting, shorewall will implement all rules in the iptables
> config files, then give the user a prompt: keep rules y/n?
>
> If 'yes' the rules are kept and everyone is happy. If 'no', iptables are
> disabled and all traffic let in. If no answer then default to answer 'no'
> after 60 seconds.
> Very useful, even if just for the added peace of mind when applying new
> changes.
>
> Is there a ready-made script accomplishing this for OpenBSD / pf? Or any
> plans of building such functionality?
>
> Christian
>
FreeBSD has a similar script for ipfw(8) called change_rules.sh. You could probably modify it to suit your needs, but I haven't really looked at how it works, as I don't find it necessary with pf.

http://www.freebsd.org/cgi/cvsweb.cgi/src/share/examples/ipfw/change_rules.sh?annotate=1.2.2.5

--
Kian Mohageri
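
A confirm-or-revert reload for pf, added here as an example; it is not part of the thread and is not derived from shorewall or from change_rules.sh. It assumes the caller supplies a candidate ruleset and a known-good ruleset file, and on "no" or no answer it reloads the known-good file rather than disabling filtering. The function name, the `PFCTL` override and the return codes are choices made for this example.

```sh
#!/bin/sh
# Added example: load a candidate pf ruleset, keep it only if confirmed.
# PFCTL may be overridden (assumption of this example) to test with a stub.
PFCTL=${PFCTL:-pfctl}

# pf_safe_reload NEW GOOD [TIMEOUT_SECONDS]
# Returns 0: NEW kept. 1: GOOD restored. 2: nothing was loaded
# (parse or setup failure). 3: loading NEW failed, GOOD reloaded.
pf_safe_reload() {
    new=$1 good=$2 timeout=${3:-60}

    # -n parses without loading. Check the fallback too: a rollback
    # file that does not parse is no rollback at all.
    "$PFCTL" -nf "$new"  || return 2
    "$PFCTL" -nf "$good" || return 2

    # Marker file: whoever removes it first (timer or confirmation)
    # decides the outcome, so a late "y" cannot override a rollback.
    pending=$(mktemp) || return 2

    "$PFCTL" -f "$new" || {
        rm -f "$pending"; "$PFCTL" -f "$good" || :; return 3; }

    # Arm the rollback before prompting. It ignores SIGHUP so it still
    # fires if the new rules cut off the session that would answer.
    ( trap '' HUP
      sleep "$timeout"
      rm "$pending" 2>/dev/null && "$PFCTL" -f "$good"
    ) >/dev/null 2>&1 &
    timer=$!

    printf 'Keep new rules? [y/N] (reverting in %ss) ' "$timeout" >&2
    read answer || answer=

    case $answer in
        [Yy]*)
            if rm "$pending" 2>/dev/null; then
                kill "$timer" 2>/dev/null || :
                return 0
            fi ;;
    esac

    # Answered no, gave no answer, or the timer already fired.
    kill "$timer" 2>/dev/null || :
    rm -f "$pending"
    "$PFCTL" -f "$good"
    return 1
}
```

Call it as `pf_safe_reload /etc/pf.conf.new /etc/pf.conf` from a root shell; the candidate path is a placeholder.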