On Sun, Jul 16, 2017 at 02:28:59PM +0200, Klemens Nanni wrote:
> On Sun, Jul 16, 2017 at 12:11:55PM +0000, Robert Peichaer wrote:
> > On Sun, Jul 16, 2017 at 01:37:56PM +0200, Klemens Nanni wrote:
> > > This removes one level of indent, avoids the ugly RULES="$RULES ..."
> > > repetition and spares a print.
> > >
> > > We could do a 'pfctl -ef -' right away but I kept changing and enabling
> > > clearly separated. Regarding the leading newlines and tabs of the inner
> > > echo: pf perfectly munges those, no need to clear them.
> > >
> > > The "don't" -> "do not" is necessary since otherwise the shell would
> > > choke on it as an opening quote.
> > >
> > >
> > > Feedback? Comments?
> >
> > Nice idea. The only maybe irrelevant concern I have is that using the
> > here-document approach uses a temporary file and if that for some reason
> > fails, we end up without this or mangled rules.
> sh reads the temporary file in 512-byte chunks, the here document is
> about 2.0K in size.
>
> I didn't bother intercepting sh with gdb and simulating a scenario where
> the temporary file cannot be written but in case the user has no disk
> space left I'd expect it to not be created at all since.
>
> In general I'd say that if /tmp doesn't have 2.0K left users probably
> have more serious problems anyway.

Have you thought about diskless(8) setups?

-- 
-=[rpe]=-
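A fail-closed way of feeding here-document rules to the loader, added here as an example and not the rc patch the thread discusses; the loader command (`pfctl -f -` by default, overridable through `PFCTL`) and the sample rules are assumptions, and the empty-ruleset check is what addresses the "temporary file fails, rules end up missing" concern above:

```shell
#!/bin/sh
# Added example, not the patch under discussion. The loader is a variable so
# the script can be exercised without pf: on OpenBSD it would be "pfctl -f -"
# (assumed default), elsewhere any command that reads rules from stdin.
PFCTL=${PFCTL:-"pfctl -f -"}

# Rules as a here-document (constructed sample, not the real rc rules).
# Quoting the delimiter means sh does not parse the body, so an apostrophe
# like the one in "don't" is harmless; pf copes with blank lines as they are.
pf_rules() {
	cat <<'EOF'

# don't reach for quotes here: the here-document body is not parsed by sh
set skip on lo
block return
pass
EOF
}

# Capture the rule text before handing it to the loader and refuse to go on
# if it came out empty: a here-document whose temporary file could not be
# written (full or absent /tmp, a diskless(8) root) yields nothing, and an
# empty ruleset does not necessarily make the loader exit non-zero.
load_rules() {
	rules=$(pf_rules) || return 1
	if [ -z "$rules" ]; then
		echo "pf: rule text is empty, not loading" >&2
		return 1
	fi
	if ! printf '%s\n' "$rules" | $PFCTL; then
		echo "pf: loader rejected the rules" >&2
		return 1
	fi
	return 0
}
```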