Date: Mon, 26 Mar 2001 14:14:05 -0500
From: unix@usww.com
To: Johnny Dang <johnny.dang@johnnydang.net>
Cc: FreeBSD IpFW <FREEBSD-IPFW@FreeBSD.ORG>
Subject: Re: Scripting with IPFW
Message-ID: <3ABF94FD.B4E7B4A1@usww.com>
References: <Pine.BSF.4.21.0103261316570.9647-100000@johnnydang.net>
Here is one I use on many of my servers. It determines your net number, ether allows you to automatically set up your ether with specific IPs, and sets firewall counting for logging. I use this in the old-fashioned /etc/rc.local. I have not totally refined it, but it works really well. It is much more in depth than what is below, but the following is a cut-n-paste that basically works. It is written very basic so it can be understood by most.

####################################################################
## Start of /etc/rc.local
#!/bin/sh
# First inet address printed by ifconfig -a (assumes the NIC is listed before lo0)
ip=`ifconfig -a | grep "inet " | head -1 | awk '{print $2}'`
q1=`echo $ip | awk -F. '{print $1}'`
q2=`echo $ip | awk -F. '{print $2}'`
q3=`echo $ip | awk -F. '{print $3}'`
subnet="$q1.$q2.$q3"
echo "Subnet: ($subnet)"
# Interface name taken from the first ifconfig_<if>= line in rc.conf
ether=`grep "^ifconfig_" /etc/rc.conf | head -1 | awk -F= '{print $1}' | sed 's/ifconfig_//g'`
# Default gateway from rc.conf, quotes stripped
gate=`grep "defaultrouter" /etc/rc.conf | awk -F= '{print $2}' | sed 's/"//g'`
# Disk type of the first filesystem df reports (e.g. "ad" from /dev/ad0s1a)
hds=`df | head -2 | tail -1 | awk -F/ '{print $3}' | awk -F0 '{print $1}'`
# Save info for future use
echo "IP:$ip gateway:$gate Subnet:$subnet Ethernet:$ether HD:$hds " >/tmp/startopts
# Configure ether, add routes and count i/o for logging purposes
# 130 131 132 133 134 are the quads to configure for the net block
# Do not use your machine IP in /etc/rc.conf here
for i in 130 131 132 133 134      # your C class quad numbers for this machine
do
    # an alias inside the primary's subnet must carry a /32 netmask or ifconfig refuses it
    ifconfig $ether $subnet.$i alias netmask 255.255.255.255
    route add $subnet.$i $gate
    ipfw -q add 100 count all from $subnet.$i to any    # Used for logs
    ipfw -q add 100 count all from any to $subnet.$i    # Used for logs
done
# Setup a few items
# FreeBSD 4x
/sbin/sysctl -w kern.ipc.somaxconn=512
/sbin/sysctl -w net.inet.ip.fw.verbose_limit=100
/sbin/sysctl -w net.inet.icmp.bmcastecho=0
/sbin/sysctl -w net.inet.ip.fw.one_pass=0
/etc/monitor    # Start monitor so if sendmail, named, httpd etc go down they will restart (site-local script)
...snip...
####################################################################

I hope this gets you on your way.
Ben Bentsen
USWW Systems
http://usww.com
http://MallCity.org
http://w8.met
http://CyberLinkExchange.com
http://RackSpaceUnlimited.com

Johnny Dang wrote:
>
> Hello all experts out there,
>
> I have a Linux box (used to run ipchains). I then moved the box to FreeBSD
> 4.2... Set it up and everything was running fine (with the help of you
> guys). Now, I have a small problem. Since the DEC0 of my new IPFW is a
> DHCP client, I would love to have the script grab the IP (rather than
> specify it)... I have this line on Linux and it was fine:
>
> WAN_IP=`ifconfig $WAN_NIC | grep inet | cut -d: -f2 | cut -d " " -f1` ...
>
> Now, how can I set it up to put it under FreeBSD rc.firewall
> de0=??????????
>
> Thanks for your help.
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> "The instructions said to use Windows 98 or better,
> so I installed FreeBSD...It is working now!..."
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> Johnny Dang <Johnny.Dang@johnnydang.net>
> Senior Network Engineer/MCSE + Internet
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message