From owner-freebsd-questions@FreeBSD.ORG Mon Jan 3 22:49:18 2005
From: Eric F Crist
Date: Mon, 3 Jan 2005 16:49:04 -0600
To: Paul Schmehl
cc: Timothy Luoma
cc: FreeBSD-Questions Questions
Subject: Re: my lame attempt at a shell script...

On Jan 3, 2005, at 4:40 PM, Paul Schmehl wrote:

> --On Monday, January 03, 2005 04:21:41 PM -0600 Eric F Crist wrote:
>
>> I believe this is my last question. I need to do some math. Anyone
>> familiar with ipfw knows that you can add a rule with:
>>
>> ipfw add [num] my firewall rule
>>
>> What I'm trying to do is have that number auto-computed. So, my command
>> *should* look something like:
>>
>> $ipfwcmd add [rulenum1 + 50] my firewall rule $other $variables
>>
>> Make sense? I just want to add a new rule, let it figure out the rule
>> number. That way, I can leave a space of 48 rules (for minor, on-the-fly
>> tweaking, etc.
>>
>
> First answer a question. Are you wanting to write these rules on the
> fly? Or have them available for the next restart of the firewall? Or
> both?
>
> You have a problem, because you want to use one, generic script to set
> up multiple, varied firewalls. In order for the script to work,
> you'll have to be able to calculate what number to use next based on
> what number was *last used* on *that* server.
>
> There's several ways to solve that problem. You could write a
> placemarker to a file. (Silly, but easy.) You could use rulesets,
> and just write a new line to a ruleset and let ipfw figure it out.
> (Much better I think.) If you also want to add the rule on the fly,
> you can just reload that ruleset. That way you use a fixed name and
> number (e.g.
> on-the-fly_rules, set 2) and just add rules to the
> ruleset, unload and reload the ruleset (ipfw set 2 disable; write the
> new rule to the ruleset; ipfw set 2 enable)

Paul,

By on-the-fly, I meant by manually typing in a new rule on the command line. From there, I'd take the output of ipfw show and figure out where I want that rule placed.

So, for the purposes of this script, I just want it to add new rules at an interval of 50. Within the script, different sets of rules will be grouped by the 10000, but I'll worry about that validation on my own. The syntax is where my limitations lie.

Thanks.
_______________________________________________________
Eric F Crist                  "I am so smart, S.M.R.T!"
Secure Computing Networks              -Homer J Simpson
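
The rule-number arithmetic asked about in this thread, as an added example that is not part of any message above: a POSIX sh counter that hands out rule numbers 50 apart inside blocks of 10000. The function names start_group and add_rule are hypothetical, the sample rules are constructed, and $ipfwcmd defaults to a dry run that only prints each command.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are
# printed, not executed. Set ipfwcmd=/sbin/ipfw to apply them for real.
ipfwcmd="${ipfwcmd:-echo ipfw}"
step=50         # gap between scripted rules, leaving room for manual inserts
block=10000     # each rule group owns one block of 10000 numbers
max_rule=65534  # 65535 is ipfw's built-in default rule
rulenum=0       # last rule number handed out
group_end=0     # last usable number in the current group

# start_group N: point the counter at the start of block N (1 -> 10000).
start_group() {
    case "$1" in
        # Reject empty, non-numeric, zero and leading-zero (octal) input.
        ''|*[!0-9]*|0*) echo "start_group: bad group '$1'" >&2; return 1 ;;
    esac
    _base=$(( $1 * $block ))
    if [ "$_base" -lt 1 ] || [ "$_base" -gt "$max_rule" ]; then
        echo "start_group: group $1 is outside 1..$max_rule" >&2
        return 1
    fi
    group_end=$(( $_base + $block - 1 ))
    if [ "$group_end" -gt "$max_rule" ]; then group_end=$max_rule; fi
    rulenum=$(( $_base - $step ))   # so the first add_rule lands on _base
}

# add_rule RULE...: add RULE at the next number, $step above the last one.
add_rule() {
    _next=$(( $rulenum + $step ))
    if [ "$_next" -gt "$group_end" ]; then
        echo "add_rule: no room after rule $rulenum in this group" >&2
        return 1
    fi
    rulenum=$_next
    # $ipfwcmd is left unquoted on purpose so "echo ipfw" splits into words.
    $ipfwcmd add "$rulenum" "$@"
}

# Constructed sample rules: these become rule 10000 and rule 10050.
start_group 1
add_rule allow tcp from any to me 22 setup
add_rule deny log ip from any to any
```

Because add_rule refuses to cross the end of its block, a group that grows too large fails loudly instead of silently renumbering into the next group's range.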