Add support of "/{udp,tcp,proto}" suffix into $firewall_myservices, which

interpreted the listed items as port numbers of TCP services. A service with no suffix still works and recognized as a TCP service for backward compatibility. It should be updated with /tcp suffix. PR: 194292 MFC after: 1 week
svn path=/head/; revision=273201
2014-10-17 00:31:51 +00:00 · 2014-10-17 00:31:51 +00:00 · 544d3b859e · 2020-12-20 02:59:44 +00:00
commit 544d3b859e
parent 0b43817eac
1 changed files with 20 additions and 3 deletions
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@ -422,8 +422,8 @@ case ${firewall_type} in

 [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
 	# Configuration:
-	#  firewall_myservices:		List of TCP ports on which this host
-	#			 	 offers services.
+	#  firewall_myservices:		List of ports/protocols on which this
+	#				 host offers services.
 	#  firewall_allowservices:	List of IPv4 and/or IPv6 addresses
 	#				 that have access to
 	#				 $firewall_myservices.
@ -487,7 +487,24 @@ case ${firewall_type} in
 	#
 	for i in ${firewall_allowservices} ; do
 	  for j in ${firewall_myservices} ; do
-	    ${fwcmd} add pass tcp from $i to me $j
+	    case $j in
+	    [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo])
+	      ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me
+	    ;;
+	    [0-9A-Za-z]*/[Tt][Cc][Pp])
+	      ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]}
+	    ;;
+	    [0-9A-Za-z]*/[Uu][Dd][Pp])
+	      ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]}
+	    ;;
+	    *[0-9A-Za-z])
+	      echo "Consider using tcp/$j in firewall_myservices." > /dev/stderr
+	      ${fwcmd} add pass tcp from $i to me $j
+	    ;;
+	    *)
+	      echo "Invalid port in firewall_myservices: $j" > /dev/stderr
+	    ;;
+	    esac
 	  done
 	done