So I'm attempting to build a new, somewhat cleaner and more modular rc.firewall startup script for FreeBSD.
Instead of having an editable /etc/rc.firewall, I'm redoing it so that it loads scripts and ipfw rules from /etc/ipfw/ (or maybe /etc/fw/) when it's run, so that after bootup you can say "sh /etc/rc.firewall safe" and it resets the firewall rules to something safe, and you can specify a group of rulesets you want in rc.conf. Or that's the current idea; I'm still playing with ideas as to what would be nicer, both for the end luser who just wants people not to be able to spam through their systems and the firewall guy (such as I style myself) who ends up having to build a new firewall rule system for every new system he puts together based on the flaws he found last time.
And it gets me thinking how old POSIX sh seems. I don't go five minutes without saying "Gee, I wish I had <some TCL feature>" or "this would be so much easier in zsh." We're so spoiled these days.
Urgh. They took away my dimwit cert. I feel so betrayed. Comic self-debasement is important, dammit!