From owner-freebsd-ipfw@FreeBSD.ORG Sun Dec 28 05:46:50 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6264B16A4CE for ; Sun, 28 Dec 2003 05:46:50 -0800 (PST) Received: from moutvdomng.kundenserver.de (moutvdom.kundenserver.de [212.227.126.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D7F443D2F for ; Sun, 28 Dec 2003 05:46:48 -0800 (PST) (envelope-from liamfoy@sepulcrum.org) Received: from [212.227.126.220] (helo=mrelayng.kundenserver.de) by moutvdomng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AabFn-0003ur-00 for freebsd-ipfw@freebsd.org; Sun, 28 Dec 2003 14:46:47 +0100 Received: from [217.43.129.115] (helo=sepulcrum.org) by mrvdomng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AabFm-00052J-00 for freebsd-ipfw@freebsd.org; Sun, 28 Dec 2003 14:46:46 +0100 Message-ID: <3FEEDEC6.6050601@sepulcrum.org> Date: Sun, 28 Dec 2003 13:46:46 +0000 From: Liam Foy User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031114 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <20031227200050.47AD316A511@hub.freebsd.org> In-Reply-To: <20031227200050.47AD316A511@hub.freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: freebsd-ipfw Digest, Vol 40, Issue 4 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Dec 2003 13:46:50 -0000 freebsd-ipfw-request@freebsd.org wrote: >Send freebsd-ipfw mailing list submissions to > freebsd-ipfw@freebsd.org > >To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >or, via email, send a message with subject or body 'help' to > freebsd-ipfw-request@freebsd.org > >You can reach the person managing the list at > freebsd-ipfw-owner@freebsd.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of freebsd-ipfw digest..." > > >Today's Topics: > > 1. need testers for a ipfw rule generation script! (Boris Staeblow) > 2. Re: need testers for a ipfw rule generation script! > (Bjoern A. Zeeb) > 3. Re: need testers for a ipfw rule generation script! > (Boris Staeblow) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Fri, 26 Dec 2003 22:29:55 +0100 >From: Boris Staeblow >Subject: need testers for a ipfw rule generation script! >To: freebsd-ipfw@freebsd.org >Message-ID: <200312262229.55270.bs@dva.in-berlin.de> >Content-Type: text/plain; charset="iso-8859-1" > >Hello, > >I need some testers for a ipfw rule generation script. >Because I have to administer some dialup internet-routers based on FreeBSD I >?ve >written this script to simplify the ipfw rule maintainance. >Many rules are collected from serval FreeBSD forums, HOWTO?S and man-pages. > >here is the README: > > >FIRE V1.07, 23 Dec. 2003, first public release >---------------------------------------------- > >The "fire" script creates a set of ipfw rules dynamically, depending of >the settings in the main configuration file. > >Although this script is flexible, the main target is a single local network >with internet-access over an internet-connected device (usually tunX from >ppp) > >- Of course I`m grateful for improvements, as I?m not a firewall > and script expert! >- Forgive any mistake in writing. >- DO NOT TRUST THE RESULTING IPFW-RULES BLINDLY!!! CHECK RULES WITH "ipfw >list"! >- USE THIS SCRIPT AT YOUR OWN RISK! >- Send comments, suggestions and diff?s to bs at dva.in-berlin.de :) > >download the latest version at http://dva.dyndns.org > >Boris > > > >------------------------------ > >Message: 2 >Date: Fri, 26 Dec 2003 22:23:28 +0000 (UTC) >From: "Bjoern A. Zeeb" >Subject: Re: need testers for a ipfw rule generation script! >To: Boris Staeblow >Cc: freebsd-ipfw@freebsd.org >Message-ID: > >Content-Type: TEXT/PLAIN; charset=ISO-8859-1 > >On Fri, 26 Dec 2003, Boris Staeblow wrote: > > > >>I need some testers for a ipfw rule generation script. >>Because I have to administer some dialup internet-routers based on FreeBSD I >>?ve >>written this script to simplify the ipfw rule maintainance. >>Many rules are collected from serval FreeBSD forums, HOWTO?S and man-pages. >> >> > >I have just scrolled through this thing with pg_down and did not read >it but there are things that always catch one's eye: > >please write 1000x times[1]: port 136 is neither netbios nor microsoft ! >write it like this: 135,137-139,445 > >[1] the use of scripting languages is permitted ;-))) > > > After reading about what boris has wrote, I have been working on something similar but in php. It will show IPFW statistics, and generate rules much like Metacortex for OpenBSD. It can work for both IPFW and IPF once a single configuration has been changed. Anyone got any comments, or ideas people would like to see? Anyone think such an idea is useful ?. Thanks in advance, -Liam-foy