Re: my lame attempt at a shell script...

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 01/04/05

    Date: Mon, 03 Jan 2005 17:00:16 -0600
    To: Eric F Crist <ecrist@secure-computing.net>
    
    

    --On Monday, January 03, 2005 04:49:04 PM -0600 Eric F Crist
    <ecrist@secure-computing.net> wrote:
    >
    > By on-the-fly, I meant by manually typing in a new rule on the command
    > line. From there, I'd take the output of ipfw show and figure out where
    > I want that rule placed. So, for the purposes of this script, I just
    > want it to add new rules at an interval of 50. Within the script,
    > different sets of rules will be grouped by the 10000, but I'll worry
    > about that validation on my own. The syntax is where my limitations lie.
    >
    In that case write to a ruleset. Keep in mind that you want to not only
    add the rule on the fly, but you also want it implemented should the server
    be rebooted or the firewall be restarted. All you have to do is write the
    rule to the next line of the ruleset and disable and enable the ruleset and
    you're done. Much easier than trying to figure out what number to add and
    you've killed both birds with the same stone.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu
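
The approach in the reply above, as an added example that is not part of the original message: the rule is written to the ruleset file so it survives a reboot, numbered at the interval of 50 from the quoted question. It assumes a ruleset file with one ipfw command per line, and it applies the new line with `ipfw -q add` rather than toggling the set; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed ruleset file format: one ipfw
# command per line, e.g. "add 10000 set 2 allow tcp from any to me 22".
IPFW=${IPFW:-ipfw}        # set IPFW=echo for a dry run
STEP=50                   # numbering interval asked for in the thread
LC_ALL=C; export LC_ALL   # byte-wise ranges in the character check below

# Print the next free rule number in the group that starts at $2 (10000, ...).
next_rule_number() {
    file=$1 base=$2 top=$(($2 + 10000))
    last=$(awk -v lo="$base" -v hi="$top" '
        $1 == "add" && $2 ~ /^[0-9]+$/ && $2 >= lo && $2 < hi && $2 > m { m = $2 }
        END { print m + 0 }' "$file") || return 1
    if [ "$last" -eq 0 ]; then next=$base; else next=$((last + STEP)); fi
    # Stay inside the group and below 65535, ipfw's built-in default rule.
    [ "$next" -lt "$top" ] && [ "$next" -lt 65535 ] || return 1
    echo "$next"
}

# Apply "add N set S <body>" live, then append it to the file if ipfw took it.
add_rule() {
    file=$1 base=$2 set_no=$3 body=$4
    # Allow only plain rule words so one call can add exactly one rule:
    # newlines, quotes and shell metacharacters are refused.
    case $body in
        ''|*[!A-Za-z0-9\ ./:,_-]*) echo "rule text rejected" >&2; return 1 ;;
    esac
    case $set_no in ''|*[!0-9]*) echo "bad set number" >&2; return 1 ;; esac
    num=$(next_rule_number "$file" "$base") || return 1
    line="add $num set $set_no $body"
    # Unquoted on purpose: $line passed the check above and must word-split.
    $IPFW -q $line || return 1
    printf '%s\n' "$line" >> "$file"
}

# Dry run on a constructed ruleset: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp)
    printf 'add 10000 set 2 allow tcp from any to me 22\n' > "$f"
    IPFW=echo
    add_rule "$f" 10000 2 "allow tcp from any to me 443"
    cat "$f"; rm -f "$f"
fi
```

Because the live `add` runs first, a rule that ipfw refuses never reaches the file that is loaded at boot.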

