Date: Mon, 26 Mar 2001 14:14:05 -0500 From: unix@usww.com To: Johnny Dang <johnny.dang@johnnydang.net> Cc: FreeBSD IpFW <FREEBSD-IPFW@FreeBSD.ORG> Subject: Re: Scripting with IPFW Message-ID: <3ABF94FD.B4E7B4A1@usww.com> References: <Pine.BSF.4.21.0103261316570.9647-100000@johnnydang.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Here is one I use on many of my servers:
It determines your net number, ether allows you to automatically
setup your ether with specific ips, set firewall counting for
logging. I use this in the old fashion /etc/rc.local
I have not totally refined it but it works real well.
It is much more in depth than what is below but the following
is a cut-n-paste basically to work. It is written very basic so it
can be understood by most.
####################################################################
## Start of /etc/rc.local
ip=`ifconfig -a | grep "inet " | head -1 | awk '{print $2}'`;
q1=`echo $ip | awk -F. '{print $1}'`;
q2=`echo $ip | awk -F. '{print $2}'`;
q3=`echo $ip | awk -F. '{print $3}'`;
subnet="$q1.$q2.$q3";echo "Subnet: ($subnet)";
ether=`grep "ifconfig" /etc/rc.conf | awk -F= '{print $1}' | sed 's/ifconfig_//g;`
gate=`cat /etc/rc.conf | grep "defaultrouter" | awk -F= '{print $2'} | sed 's/\"//g';`;
hds=`df | head -2 | tail -1 | awk -F/ '{print $3}' | awk -F0 '{print $1}'`;
# Save info for future use
echo "IP:$ip gateway:$gate Subnet:$subnet Ethernet:$ether HD:$hds ">/tmp/startopts;
# Configure ether add routes and count i/o for logging purposes
# 130 131 132 133 134 are the quads to configure for the net block
# Do not use your machine IP in /etc/rc.conf here
for i in 130 131 132 133 134 # your C class quad numbers for this machine
do
ifconfig $ether $subnet.$i alias
route add $subnet.$i $gate
ipfw -q add 100 count all from $subnet.$i to any # Used for logs
ipfw -q add 100 count all from any to $subnet.$i # Used for logs
done
# Setup a few items
# FreeBSD 4x
/sbin/sysctl -w kern.ipc.somaxconn=512
/sbin/sysctl -w net.inet.ip.fw.verbose_limit=100
/sbin/sysctl -w net.inet.icmp.bmcastecho=0
/sbin/sysctl -w net.inet.ip.fw.one_pass=0
/etc/monitor # Start monitor so if sendmail, named, httpd etc go down they will restart
...snip...
####################################################################
I hope this gets you on your way.
Ben Bentsen
USWW Systems
http://usww.com
http://MallCity.org
http://w8.met
http://CyberLinkExchange.com
http://RackSpaceUnlimited.com
Johnny Dang wrote:
>
> Hello all experts out there,
>
> I have a Linux box (used to run ipchains). I then move the box to FreeBSD
> 4.2... Set it up and everything was running fine (with the help of your
> guys). Now, I have a small problem. Since the DEC0 of my new IPFW is a
> DHCP client, I would love to have the script grab the IP(rather than
> specify it)... I have this line on Linux and it was fine:
>
> WAN_IP=`ifconfig $WAN_NIC | grep inet | cut -d: -f2 | cut -d " " -f1` ...
> Now, how can I can set it up to put it under FreeBSD rc.firewall
> de0=??????????
>
> Thanks for your help.
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> "The instructions said to use Windows 98 or better,
> so I installed FreeBSD...It is working now!..."
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> Johnny Dang <Johnny.Dang@johnnydang.net>
> Senior Network Engineer/MCSE + Internet
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ABF94FD.B4E7B4A1>