From: Paul Schmehl <pauls@utdallas.edu>
To: Eric F Crist
Cc: Timothy Luoma, FreeBSD-Questions Questions
Date: Mon, 03 Jan 2005 17:00:16 -0600
Subject: Re: my lame attempt at a shell script...
Message-ID: <7C6BEBEDE2DB4AC7E55D6843@utd49554.utdallas.edu>
In-Reply-To: <3E8DD18E8557227C2A3C8E5A@utd49554.utdallas.edu>
List-Id: User questions (freebsd-questions@freebsd.org)

--On Monday, January 03, 2005 04:49:04 PM -0600 Eric F Crist wrote:

> By on-the-fly, I meant by manually typing in a new rule on the command
> line. From there, I'd take the output of ipfw show and figure out where
> I want that rule placed. So, for the purposes of this script, I just
> want it to add new rules at an interval of 50. Within the script,
> different sets of rules will be grouped by the 10000, but I'll worry
> about that validation on my own. The syntax is where my limitations lie.
>
In that case write to a ruleset. Keep in mind that you want to not only add the rule on the fly, but you also want it implemented should the server be rebooted or the firewall be restarted. All you have to do is write the rule to the next line of the ruleset and disable and enable the ruleset and you're done. Much easier than trying to figure out what number to add and you've killed both birds with the same stone.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
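The two approaches discussed in this thread, picking the next rule number on a 50-step grid from `ipfw show` output and appending the rule to a persistent ruleset file so it survives a reboot or firewall restart, as an added example that is not part of the original post or of any FreeBSD code. The ruleset path, the sample `ipfw show` lines and the `reload_ruleset` helper are constructed assumptions; `reload_ruleset` is the only part that needs a real ipfw and is not called here.

```sh
#!/bin/sh
# Added example (not from the thread): pick the next free ipfw rule number on a
# 50-step grid, append the rule to a persistent ruleset file, and optionally
# reload the firewall from that file so the change also survives a restart.
# The ruleset path and the sample "ipfw show" output are constructed.

RULESET="${RULESET:-$(mktemp "${TMPDIR:-/tmp}/ipfw.rules.XXXXXX")}"  # assumption

# Constructed sample of what "ipfw show" prints: number, packets, bytes, body.
SAMPLE_SHOW='00100      12     1234 allow ip from any to any via lo0
00200       0        0 deny ip from any to 127.0.0.0/8
00300       0        0 deny ip from 127.0.0.0/8 to any
00650     987    54321 allow tcp from any to me dst-port 22
65535   10000  9876543 deny ip from any to any'

# next_rule_number [STEP]: read "ipfw show" output on stdin and print the
# smallest multiple of STEP (default 50) that is above the highest existing
# rule number, ignoring the implicit default rule 65535.
next_rule_number() {
    step="${1:-50}"
    awk -v step="$step" '
        $1 ~ /^[0-9]+$/ && ($1 + 0) < 65535 && ($1 + 0) > max { max = $1 + 0 }
        END { print (int(max / step) + 1) * step }'
}

# append_rule NUMBER BODY...: validate the number, append "add NUMBER BODY" to
# the ruleset file and echo the line written.  Nothing touches the live
# firewall here; that is what reload_ruleset is for.
append_rule() {
    num="$1"; shift
    body="$*"
    case "$num" in
        ''|*[!0-9]*) echo "bad rule number: '$num'" >&2; return 1 ;;
    esac
    if [ "$num" -lt 1 ] || [ "$num" -gt 65534 ]; then
        echo "rule number out of range: $num" >&2; return 1
    fi
    if [ -z "$body" ]; then
        echo "empty rule body" >&2; return 1
    fi
    printf 'add %05d %s\n' "$num" "$body" >> "$RULESET"
    tail -n 1 "$RULESET"
}

# reload_ruleset: flush the live rules and load the file again.  Assumes the
# file holds one ipfw command per line ("add ..."), the form ipfw(8) reads
# when given a pathname.  Requires root and a real ipfw, so it is not run here.
reload_ruleset() {
    ipfw -q -f flush && ipfw -q "$RULESET"
}

# Demo on the constructed sample: highest real rule is 650, so the next slot
# on the 50-grid is 700.
num=$(printf '%s\n' "$SAMPLE_SHOW" | next_rule_number 50)
append_rule "$num" allow tcp from any to me dst-port 80
echo "ruleset file: $RULESET"
```

Run it as an ordinary user to see the computed number and the line written to the temporary ruleset; on a real host, point `RULESET` at the file named by `firewall_type` in `rc.conf` and call `reload_ruleset` after the append.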