Quoting Stuart Henderson <[EMAIL PROTECTED]>:

> *seriously* unsupported:
>
> $ perl -pi -e s,etc/services,etc/sXrvices, < /sbin/pfctl > ~/bin/pfctl-no-service-names
>
> your foot is
>   :
>   :
>   :
>   V
> this way <bang>
>
A longer-winded version (same idea - Perl ... and no prizes for my code)

use warnings;
use strict;

# Get the rules
my $pfctl_rules = `pfctl -s rules`;

# Get the known services
open(my $services_fh, '<', '/etc/services')
    or die "Cannot open /etc/services: $!";
my @services = <$services_fh>;
close($services_fh);

# Pull out the TCP services (name => port). The match is anchored at the
# start of the line so comment lines are skipped and five-digit ports are
# captured whole.
my %services;
foreach my $service (@services) {
    if ($service =~ /^([^#\s]+)\s+([0-9]{1,5})\/tcp/) {
        $services{$1} = $2;
    }
}

# Now go through the rules - if we find port = ccc then translate, otherwise
# just print the pfctl line "as is"
foreach my $pfctl_rule (split /\n/, $pfctl_rules) {
    if ($pfctl_rule =~ /^(.*?)port = (\S+)(.*)$/ && exists $services{$2}) {
        print "$1port = $2($services{$2})$3\n";
    } else {
        print "$pfctl_rule\n";
    }
}

Sample (manually altered, obviously):

# perl pfrules.pl
block drop log all
pass out quick on XXX1 inet proto tcp from (XXX1) to NNN.NNN.NNN.NNN port = ssh(22) flags S/SA keep state
pass proto udp from any to any port = domain(53) keep state
pass in log on XXX0 inet proto tcp from any to 127.0.0.1 port = 8021 flags S/SA keep state
pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = www(80) flags S/SA keep state
pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = https(443) flags S/SA keep state