On Sun, Jul 16, 2017 at 12:11:55PM +0000, Robert Peichaer wrote:
> On Sun, Jul 16, 2017 at 01:37:56PM +0200, Klemens Nanni wrote:
> > This removes one level of indent, avoids the ugly RULES="$RULES ..."
> > repetition and spares a print.
> > 
> > We could do a 'pfctl -ef -' right away but I kept changing and enabling
> > clearly separated. Regarding the leading newlines and tabs of the inner
> > echo: pf perfectly munges those, no need to clear them.
> > 
> > The "don't" -> "do not" is necessary since otherwise the shell would
> > choke on it as opening quote.
> > 
> > 
> > Feedback? Comments?
> 
> Nice idea. The only maybe irrelevant concern I have is that using the
> here-document approach uses a temporary file and if that for some reason
> fails, we end up without this or mangled rules.
sh reads the temporary file in 512-byte chunks, the here document is
about 2.0K in size.

I didn't bother intercepting sh with gdb and simulating a scenario where
the temporary file cannot be written but in case the user has no disk
space left I'd expect it to not be created at all since.

In general I'd say that if /tmp doesn't have 2.0K left users probably
have more serious problems anyway.
