Date: Fri, 13 Oct 2000 13:15:28 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Rolf Edwards <redwards@meccamediagroup.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Dynamic rc.firewall
Message-ID: <20001013131528.A17444@ringwraith.office1.bg>
In-Reply-To: <5.0.0.25.2.20001013032255.00a8ee40@127.0.0.1>; from redwards@meccamediagroup.com on Fri, Oct 13, 2000 at 03:33:09AM -0600
References: <5.0.0.25.2.20001013032255.00a8ee40@127.0.0.1>
On Fri, Oct 13, 2000 at 03:33:09AM -0600, Rolf Edwards wrote:
> How can I have rc.firewall automatically pull in ip, netmask and network
> numbers from the currently configured interfaces.
>
> Lets say I was to supply 'xl0' and have it extract the information from
> ifconfig. I started a perl program, but I don't have enough documentation
> available at the moment to actually extract the data from what is returned.
>
> Has anyone tried this? I would assume that if one was using DHCP, they
> would want this type of feature?
ifconfig(8) provides all the necessary information; just do an ifconfig
on the interface you want, find the line containing 'inet', and parse it..
[roam@ringwraith ~]$ ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:01:02:1c:7d:ef
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
Alright, that's all the interface info.. Now only the part we need..
[roam@ringwraith ~]$ ifconfig xl0 | fgrep -w inet
inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
Alright. Let's try to extract the information now..
[roam@ringwraith ~]$ ifconfig xl0 | fgrep -w inet | awk '{print "outaddr=" $2 "; outmask=" $4 "; outbcast=" $6 ";"}'
outaddr=192.168.1.13; outmask=0xffffff00; outbcast=192.168.1.255;
Here. That's one line of output in a shell-script parseable format.
Let's see what we can do with it..
[roam@ringwraith ~]$ eval `ifconfig xl0 | fgrep -w inet | awk '{print "outaddr=" $2 "; outmask=" $4 "; outbcast=" $6 ";"}'`
[roam@ringwraith ~]$ echo $outmask
0xffffff00
[roam@ringwraith ~]$ echo $outaddr
192.168.1.13
[roam@ringwraith ~]$ echo $outbcast
192.168.1.255
[roam@ringwraith ~]$
So, this should be ready for insertion into a shell script.
Hmm there might be a slight problem here - awk lives in /usr/bin, and might
not be available at the time rc.firewall is executed in network_pass1().
Actually, this just made me think of a way better solution. In a Bourne
shell, you just do..
[roam@ringwraith /etc]$ set `ifconfig xl0 | fgrep -w inet`; outaddr=$2; outmask=$4; outbcast=$6
Yes, it really is that easy :)
[roam@ringwraith /etc]$ echo "a $outaddr, m $outmask, bc $outbcast"
a 192.168.1.13, m 0xffffff00, bc 192.168.1.255
[roam@ringwraith /etc]$
Hope that helps :)
G'luck,
Peter
--
Nostalgia ain't what it used to be.
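
A builtin-only variant of the `set` approach from this message that checks each field before rc.firewall uses it and also derives the prefix length from the hex netmask. It is an added example, not part of Peter Pentchev's message; the function names, the `outbits` variable and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Shell builtins only.

# Constructed sample in the ifconfig format quoted in the message.
SAMPLE='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:01:02:1c:7d:ef'

# is_ipv4 ADDR: true only for four decimal octets, each 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# mask_to_prefix 0xHHHHHHHH: print the prefix length; fail if the value is
# not eight hex digits or the mask bits are not contiguous.
mask_to_prefix() {
    case $1 in 0x????????) ;; *) return 1 ;; esac
    case ${1#0x} in *[!0-9a-fA-F]*) return 1 ;; esac
    _m=$(($1)); _n=0
    while [ $(( $_m & 0x80000000 )) -ne 0 ]; do
        _m=$(( ($_m << 1) & 0xffffffff )); _n=$(( $_n + 1 ))
    done
    [ "$_m" -eq 0 ] || return 1
    echo "$_n"
}

# parse_inet TEXT: set outaddr, outmask, outbcast, outbits from the first
# "inet" line of TEXT; on any malformed field fail and set nothing.
parse_inet() {
    set -f; set -- $1; set +f      # split into words, no globbing
    while [ $# -gt 0 ] && [ "$1" != inet ]; do shift; done
    [ $# -ge 6 ] && [ "$3" = netmask ] && [ "$5" = broadcast ] || return 1
    is_ipv4 "$2" && is_ipv4 "$6" || return 1
    _bits=$(mask_to_prefix "$4") || return 1
    outaddr=$2; outmask=$4; outbcast=$6; outbits=$_bits
}

# In rc.firewall the argument would be "`ifconfig xl0`".
if parse_inet "$SAMPLE"; then
    echo "a $outaddr/$outbits, m $outmask, bc $outbcast"
fi
```

When `parse_inet` fails (no address assigned yet, or an unexpected field), the script should fall back to a closed rule set rather than build rules from empty variables.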
