From owner-freebsd-security Fri Oct 13 3:15:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id D606F37B502 for ; Fri, 13 Oct 2000 03:15:24 -0700 (PDT)
Received: (qmail 18739 invoked by uid 1001); 13 Oct 2000 10:15:28 -0000
Date: Fri, 13 Oct 2000 13:15:28 +0300
From: Peter Pentchev
To: Rolf Edwards
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Dynamic rc.firewall
Message-ID: <20001013131528.A17444@ringwraith.office1.bg>
References: <5.0.0.25.2.20001013032255.00a8ee40@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.0.0.25.2.20001013032255.00a8ee40@127.0.0.1>; from redwards@meccamediagroup.com on Fri, Oct 13, 2000 at 03:33:09AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Oct 13, 2000 at 03:33:09AM -0600, Rolf Edwards wrote:
> How can I have rc.firewall automatically pull in ip, netmask and network
> numbers from the currently configured interfaces.
>
> Let's say I was to supply 'xl0' and have it extract the information from
> ifconfig. I started a perl program, but I don't have enough documentation
> available at the moment to actually extract the data from what is returned.
>
> Has anyone tried this? I would assume that if one was using DHCP, they
> would want this type of feature?

ifconfig(8) provides all the necessary information; just do an ifconfig
on the interface you want, find the line containing 'inet', and parse it..

[roam@ringwraith ~]$ ifconfig xl0
xl0: flags=8843 mtu 1500
        inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:01:02:1c:7d:ef
        media: autoselect (100baseTX ) status: active
        supported media: autoselect 100baseTX 100baseTX 10baseT/UT P 10baseT/UTP 100baseTX

Alright, that's all the interface info.. Now only the part we need..

[roam@ringwraith ~]$ ifconfig xl0 | fgrep -w inet
        inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255

Alright. Let's try to extract the information now..

[roam@ringwraith ~]$ ifconfig xl0 | fgrep -w inet | awk '{print "outaddr=" $2 "; outmask=" $4 "; outbcast=" $6 ";"}'
outaddr=192.168.1.13; outmask=0xffffff00; outbcast=192.168.1.255;

Here. That's one line of output in a shell-script parseable format.
Let's see what we can do with it..

[roam@ringwraith ~]$ eval `ifconfig xl0 | fgrep -w inet | awk '{print "outaddr=" $2 "; outmask=" $4 "; outbcast=" $6 ";"}'`
[roam@ringwraith ~]$ echo $outmask
0xffffff00
[roam@ringwraith ~]$ echo $outaddr
192.168.1.13
[roam@ringwraith ~]$ echo $outbcast
192.168.1.255
[roam@ringwraith ~]$

So, this should be ready for insertion into a shell script.

Hmm, there might be a slight problem here - awk lives in /usr/bin, and might
not be available at the time rc.firewall is executed in network_pass1().

Actually, this just made me think of a way better solution. In a Bourne
shell, you just do..

[roam@ringwraith /etc]$ set `ifconfig | fgrep -w inet`; outaddr=$2; outmask=$4; outbcast=$6

Yes, it really is that easy :)

[roam@ringwraith /etc]$ echo "a $outaddr, m $outmask, bc $outbcast"
a 192.168.1.13, m 0xffffff00, bc 192.168.1.255
[roam@ringwraith /etc]$

Hope that helps :)

G'luck,
Peter

-- 
Nostalgia ain't what it used to be.
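
The same extraction as an added example, not part of the original message and not FreeBSD's own rc code: it reads ifconfig output on stdin with shell builtins only, uses no eval, and rejects a malformed address or netmask before anything is handed to a firewall rule. The function names and the outbits variable are assumptions made here, and the sample input is constructed from the output shown in the message.

```shell
#!/bin/sh
# Added example: builtins only, no eval. Sets outaddr, outmask, outbits.

is_ipv4() {                       # dotted quad, each octet 0..255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    v4_ifs=$IFS; IFS=.; set -- $1; IFS=$v4_ifs
    [ $# -eq 4 ] || return 1
    for v4_octet in "$@"; do
        [ ${#v4_octet} -le 3 ] && [ "$v4_octet" -le 255 ] || return 1
    done
}

mask_bits() {                     # 0xffffff00 -> 24; fails on a bad mask
    case $1 in 0x????????) ;; *) return 1 ;; esac
    case ${1#0x} in *[!0-9a-fA-F]*) return 1 ;; esac
    mb_val=$(($1)); mb_bits=0
    while [ $((mb_val & 0x80000000)) -ne 0 ]; do
        mb_bits=$((mb_bits + 1))
        mb_val=$(( (mb_val << 1) & 0xffffffff ))
    done
    [ "$mb_val" -eq 0 ] || return 1    # set bits after a zero: not contiguous
    echo "$mb_bits"
}

parse_inet() {                    # reads ifconfig output on stdin
    outaddr= outmask= outbits=
    while read -r pi_key pi_addr pi_nm pi_mask pi_rest; do
        [ "$pi_key" = inet ] && [ "$pi_nm" = netmask ] || continue
        is_ipv4 "$pi_addr" || return 1
        outbits=$(mask_bits "$pi_mask") || return 1
        outaddr=$pi_addr outmask=$pi_mask
        return 0
    done
    return 1                      # no inet line, e.g. no DHCP lease yet
}

# Constructed sample input modelled on the output in the message; at boot
# the here-document body would be $(ifconfig xl0) with an unquoted EOF marker.
if parse_inet <<'EOF'
xl0: flags=8843 mtu 1500
    inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
EOF
then
    echo "addr $outaddr mask $outmask prefix /$outbits"
fi
```

Feed parse_inet through a here-document or redirection rather than a pipe: in most shells the last stage of a pipeline runs in a subshell, so the variables it sets would be lost.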