From owner-freebsd-questions@FreeBSD.ORG Fri Dec 1 09:03:35 2006
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 25F1C16A407 for ; Fri, 1 Dec 2006 09:03:35 +0000 (UTC) (envelope-from smithi@nimnet.asn.au)
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E76543CA2 for ; Fri, 1 Dec 2006 09:03:19 +0000 (GMT) (envelope-from smithi@nimnet.asn.au)
Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.4) with SMTP id UAA21549; Fri, 1 Dec 2006 20:03:16 +1100 (EST) (envelope-from smithi@nimnet.asn.au)
Date: Fri, 1 Dec 2006 20:03:15 +1100 (EST)
From: Ian Smith
To: "Dan Mahoney, System Admin"
In-Reply-To: <20061129203900.7B1E016A4FE@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-questions@freebsd.org
Subject: (no subject)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Fri, 01 Dec 2006 09:03:35 -0000

Bit late, catching up on half a dozen questions-digests, but fwiw:

Re: freebsd-questions Digest, Vol 157, Issue 26

> Message: 33
> Date: Wed, 29 Nov 2006 14:55:52 -0500 (EST)
> From: "Dan Mahoney, System Admin"
>
> Hey all, the ipfw man page says rules can be deleted individually or in
> groups, but I don't see (other than the sets) an easy way to craft
> deletion of rules in a range (for example, 500-550).
>
> As the system I'm using crafts client rules by client numbers, this is a
> kinda useful feature, is it available somewhere?

Here's one of a number of scripts I wrote to manage client-group based
rules for ipfw1 (before sets), to do just that; 'scuse debugging noise.
#!/bin/sh
# ipfwdelrange.sh 28/1/4 smithi  optionally noisy for starters ..
version="1.0 28Jan04"
set=''; q=''; v=''
[ "$1" = "-q" ] && q=y && shift		# quiet
[ "$1" = "-v" ] && v=y && shift		# verbose
[ ! "$q" ] && echo -n "ipfwdelrange.sh: "
[ $# -ne 2 ] && echo "usage: $0 [-q|-v] firstrule lastrule" && exit 1
# per-run temp file via mktemp rather than a fixed /tmp name, so nobody
# can pre-create or symlink the path while this runs as root
rulelist=`mktemp /tmp/ipfwdelrange.XXXXXX` || exit 1
# save the whole listing; checking $? after 'ipfw list | awk' only reports
# awk's status, so the rule number is picked off as the first field below
/sbin/ipfw list >$rulelist				# existing rules
[ $? -ne 0 ] && echo "'ipfw list' failed!" && rm -f $rulelist && exit 1
while read rule rest; do	# find any existing ipfw rules within range
  [ $rule -lt $1 ] && continue
  [ $rule -gt $2 -o $rule -eq 65535 ] && break	# listing is sorted; 65535 is the default rule
  set="$set $rule"		# includes duplicates; each must be deleted
done <$rulelist
if [ "$set" ]; then
  [ ! "$q" ] && echo "deleting all rules in range ${1}-$2"
  [ "$v" ] && echo "$set"
  /sbin/ipfw -q delete $set	# delete all existing in range
  [ $? -ne 0 ] && echo "'ipfw delete' failed!" && rm -f $rulelist && exit 1
else
  [ ! "$q" ] && echo "no ipfw rules to delete in range ${1}-$2"
fi
[ -f $rulelist ] && rm $rulelist
exit 0

I seem to recall ipfw2 deletes multiple rules with the same number with
one delete statement.  If that's the case, and you use any, make it:

  [ ! "`echo $set | grep -w $rule`" ] && set="$set $rule"	# -w: whole number only, so 50 isn't taken as a duplicate of 500

or you'll get error messages on repeated deletes of the same rule.

Cheers, Ian
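The range selection and the duplicate-number point from the reply above, as an added example that is not Ian's script or anything from the ipfw project. It reads 'ipfw list'-style lines from stdin (a constructed sample listing stands in for /sbin/ipfw list, so it runs offline), keeps each rule number in the range once, stops at the default rule 65535, and builds the delete command as a string to review instead of executing it. The function names, the sample rules and the 192.0.2.x addresses are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the script from the mail: pick the ipfw rule numbers
# inside a range from 'ipfw list' output, each number once, and show the
# single 'ipfw delete' that would remove them.

# Constructed stand-in for '/sbin/ipfw list' output; rule 500 appears
# twice, as happens when several rules share one number.
sample_rules='00100 allow ip from any to any via lo0
00500 allow tcp from 192.0.2.10 to any dst-port 80
00500 allow tcp from 192.0.2.10 to any dst-port 443
00510 deny ip from 192.0.2.11 to any
00550 allow udp from 192.0.2.12 to any dst-port 53
00600 allow ip from any to any
65535 deny ip from any to any'

# strip_zeros N: drop leading zeros so "00500" prints as 500 (and is not
# mistaken for octal by tools that treat a leading 0 that way).
strip_zeros() {
    n=$1
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    printf '%s\n' "$n"
}

# rules_in_range FIRST LAST: reads ipfw-list lines on stdin and prints the
# distinct rule numbers in [FIRST, LAST], space separated, in list order.
# The default rule 65535 is never selected.
rules_in_range() {
    first=$1; last=$2; found=''
    while read -r rule _rest; do
        rule=$(strip_zeros "$rule")
        if [ "$rule" -lt "$first" ]; then continue; fi
        # 'ipfw list' is sorted by number, so stop at the first rule past LAST
        if [ "$rule" -gt "$last" ] || [ "$rule" -eq 65535 ]; then break; fi
        # whole-word match on the padded list, so 50 is not a duplicate of 500
        case " $found " in
            *" $rule "*) ;;                   # already listed once
            *) found="$found $rule" ;;
        esac
    done
    printf '%s\n' "${found# }"
}

# delete_command FIRST LAST: the 'ipfw delete' line that would be run, or
# nothing when no rule is in range. Returned as text so it can be checked
# before being handed to the firewall.
delete_command() {
    chosen=$(rules_in_range "$1" "$2")
    if [ -n "$chosen" ]; then
        printf '/sbin/ipfw -q delete %s\n' "$chosen"
    fi
}

# Stand-alone demo on the constructed listing: rules 500-550 once each.
printf 'would run: %s\n' "$(printf '%s\n' "$sample_rules" | delete_command 500 550)"
```

Against a live system the sample listing would be replaced by `/sbin/ipfw list | rules_in_range 500 550`; the while loop runs inside the function rather than in a pipeline so the accumulated list survives, which is also why the original script went through a file.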