Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 12 Jan 2003 17:05:59 +0100
From:      "Simon L. Nielsen" <>
To:        "Scott M. Nolde" <>
Subject:   Re: Feature Request
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2003.01.08 09:50:20 +0000, Scott M. Nolde wrote:

> Has there been consideration to make a "relative skip" function similar to
> skipto, where the number of rules are skipped relative to the rule itself?
I found this could be useful so I have implemented this in my own firewall
script to get the functionality like this :

fwcmd_add deny ip from to any
fwcmd_add skipto ${rule_skip_1} ip from to any
fwcmd_add deny ip from to any
fwcmd_add count ip from any to any

When run this gives :

add 500 deny ip from to any
add 510 skipto 530 ip from to any
add 520 deny ip from to any
add 530 count ip from any to any

It is not perfect but it works...=20

The implemetation is not complete yet but you can get the idea :

is_num() {
    expr "$*" + 1 >/dev/null 2>&1
    return $?

rule_inc=3D10 # How much to inc pr rule
rule_next=3D${rule_first} # The next rule to use
# Add a firewall rule
fwcmd_add() {
    # Check if we have a rule number
    if is_num "$1"; then

    ${fwcmd} add ${rule_next} $@

    rule_next=3D$((${rule_next} + ${rule_inc}))
    # Note the are a bit odd since they are used by the next rule
    # Warning: These will FAIL if an absoule rule nr is used in one of
    # the rules before the one being skipped to
    rule_skip_1=3D$((${rule_next} + ${rule_inc} * 2))
    rule_skip_2=3D$((${rule_next} + ${rule_inc} * 3))
    rule_skip_3=3D$((${rule_next} + ${rule_inc} * 4))

Simon L. Nielsen

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (FreeBSD)



To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>