Quoting Stuart Henderson <[EMAIL PROTECTED]>:
> *seriously* unsupported:
>
> $ perl -pi -e s,etc/services,etc/sXrvices, < /sbin/pfctl >
> ~/bin/pfctl-no-service-names
>
> your foot is
>
> :
>
> :
>
> :
>
> V
>
> this way <bang>
>
A longer-winded version (same idea, in Perl ... and no prizes for my code):
#!/usr/bin/perl
# Annotate "port = <service name>" in pfctl's rule listing with the number.
use warnings;
use strict;

# Get the rules (needs root)
my $pfctl_rules = `pfctl -s rules`;

# Get the known services. Key the table by "name/proto": the same name can
# be a different port for tcp and udp, and aliases on the line count too.
my %services;
open(my $svc, '<', '/etc/services') or die "open /etc/services: $!";
while (my $line = <$svc>) {
    $line =~ s/#.*//;                          # strip comments
    my ($name, $portproto, @aliases) = split ' ', $line;
    next unless defined $portproto;
    # port numbers go up to 65535, so allow five digits, not four
    next unless $portproto =~ m{^(\d{1,5})/(tcp|udp)$};
    my ($port, $proto) = ($1, $2);
    $services{"$_/$proto"} = $port for ($name, @aliases);
}
close($svc);

# Now go through the rules - if we find "port = <name>" then translate,
# otherwise just print the pfctl line as is. Numeric ports are left alone.
foreach my $pfctl_rule (split /\n/, $pfctl_rules) {
    my ($proto) = $pfctl_rule =~ /\bproto (tcp|udp)\b/;
    if (defined $proto and $pfctl_rule =~ /\bport = ([^\s\d]\S*)/) {
        my $name    = $1;
        my $look_up = exists $services{"$name/$proto"}
                    ? $services{"$name/$proto"} : '';
        $pfctl_rule =~ s/\bport = \Q$name\E/port = ${name}(${look_up})/;
    }
    print "$pfctl_rule\n";
}
Sample (manually altered, obviously):
# perl pfrules.pl
block drop log all
pass out quick on XXX1 inet proto tcp from (XXX1) to NNN.NNN.NNN.NNN port = ssh(22) flags S/SA keep state
pass proto udp from any to any port = domain(53) keep state
pass in log on XXX0 inet proto tcp from any to 127.0.0.1 port = 8021 flags S/SA keep state
pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = www(80) flags S/SA keep state
pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = https(443) flags S/SA keep state
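The same translation as an added, self-contained example (not code from the thread or from pfctl): it parses /etc/services-format text, including aliases and comments, and annotates pfctl rule lines with the numeric port, looking the name up under the protocol the rule itself names, so a service that is one port on tcp and another on udp comes out right. The services excerpt and the rule listing embedded below are constructed samples, and the interface and address names in them are made up; in real use, read /etc/services and the output of `pfctl -s rules` instead.

```python
"""Annotate service names in pfctl rule output with their numeric ports.

Same idea as the Perl script above, but self-contained: the services text
and the rule listing below are constructed samples. For real use, call
parse_services(open('/etc/services').read()) and feed annotate_rules()
the output of `pfctl -s rules`.
"""
import re

# Constructed excerpt in /etc/services format: name port/proto [aliases] [# comment]
SAMPLE_SERVICES = """\
# Network services, Internet style
ftp-data     20/tcp
ftp          21/tcp
ssh          22/tcp                  # SSH Remote Login Protocol
domain       53/tcp     nameserver   # name-domain server
domain       53/udp     nameserver
www          80/tcp     http         # WorldWideWeb HTTP
https       443/tcp
syslog      514/udp
shell       514/tcp     cmd          # no passwords used
x11        6000/tcp
"""

# Constructed pfctl -s rules listing (pfctl prints names it resolves from /etc/services)
SAMPLE_RULES = """\
block drop log all
pass out quick on em1 inet proto tcp from (em1) to 192.0.2.10 port = ssh flags S/SA keep state
pass proto udp from any to any port = domain keep state
pass in log on em0 inet proto tcp from any to 127.0.0.1 port = 8021 flags S/SA keep state
pass in on em0 inet proto udp from any to 192.0.2.10 port = syslog keep state
pass in on em0 inet proto tcp from any to 192.0.2.10 port = shell flags S/SA keep state
pass in on em0 inet proto tcp from any to 192.0.2.10 port = x11 flags S/SA keep state
"""

SERVICE_LINE = re.compile(r'^(\S+)\s+(\d{1,5})/(tcp|udp)\b(.*)$')
# A service name starts with a non-digit, so numeric ports never match here.
PORT_NAME = re.compile(r'\bport = (?P<name>[^\s\d]\S*)')
PROTO = re.compile(r'\bproto (tcp|udp)\b')


def parse_services(text):
    """Return {(name, proto): port} from /etc/services-style text.

    Comments are stripped first; aliases get the same port; the first
    definition of a name wins; ports above 65535 are ignored.
    """
    table = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        m = SERVICE_LINE.match(line)
        if not m:
            continue
        name, port, proto, aliases = m.groups()
        port = int(port)
        if port > 65535:
            continue
        for n in [name] + aliases.split():
            table.setdefault((n, proto), port)
    return table


def annotate_rules(rules_text, table):
    """Rewrite 'port = name' as 'port = name(number)' in each rule line.

    The protocol comes from the rule, so 'shell' (tcp 514) and 'syslog'
    (udp 514) are looked up in the right half of the table. Lines with a
    numeric port or no port are passed through; unknown names get '(?)'.
    """
    out = []
    for line in rules_text.splitlines():
        proto = PROTO.search(line)
        m = PORT_NAME.search(line)
        if proto and m:
            port = table.get((m.group('name'), proto.group(1)))
            shown = str(port) if port is not None else '?'
            line = line[:m.end()] + '(' + shown + ')' + line[m.end():]
        out.append(line)
    return out


if __name__ == '__main__':
    for rule in annotate_rules(SAMPLE_RULES, parse_services(SAMPLE_SERVICES)):
        print(rule)
```

Because pfctl only prints a name when it finds one for the port, anything left numeric in the listing (8021 above) is exactly what pf is matching on; the parenthesised number is what the script recovered for the rest.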