Date: Sun, 12 Jan 2003 17:05:59 +0100
From: "Simon L. Nielsen" <simon@nitro.dk>
To: "Scott M. Nolde" <scott@smnolde.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Feature Request
Message-ID: <20030112160558.GE348@nitro.dk>
In-Reply-To: <20030108145020.GA15778@smnolde.com>
References: <20030108145020.GA15778@smnolde.com>

On 2003.01.08 09:50:20 +0000, Scott M. Nolde wrote:

> Has there been consideration to make a "relative skip" function similar to
> skipto, where the number of rules are skipped relative to the rule itself?

I found this could be useful, so I have implemented this in my own
firewall script to get functionality like this:

    fwcmd_add deny ip from 10.0.0.0/8 to any
    fwcmd_add skipto ${rule_skip_1} ip from 192.168.1.0/24 to any
    fwcmd_add deny ip from 192.168.0.0/16 to any
    fwcmd_add count ip from any to any

When run, this gives:

    add 500 deny ip from 10.0.0.0/8 to any
    add 510 skipto 530 ip from 192.168.1.0/24 to any
    add 520 deny ip from 192.168.0.0/16 to any
    add 530 count ip from any to any

It is not perfect but it works...

The implementation is not complete yet but you can get the idea:

    # Succeeds if the argument is a number
    is_num() {
        expr "$*" + 1 >/dev/null 2>&1
        return $?
    }

    rule_first=500
    rule_inc=10                 # How much to inc per rule
    rule_next=${rule_first}     # The next rule to use

    # Add a firewall rule (${fwcmd} must already be set by the script)
    fwcmd_add() {
        # Check if we have a rule number
        if is_num "$1"; then
            rule_next=$1
            shift
        fi
        ${fwcmd} add ${rule_next} "$@"
        rule_next=$((${rule_next} + ${rule_inc}))

        # Note these are a bit odd since they are used by the next rule
        # Warning: These will FAIL if an absolute rule nr is used in one of
        # the rules before the one being skipped to
        rule_skip_1=$((${rule_next} + ${rule_inc} * 2))
        rule_skip_2=$((${rule_next} + ${rule_inc} * 3))
        rule_skip_3=$((${rule_next} + ${rule_inc} * 4))
    }

-- 
Simon L. Nielsen
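
Added example, not part of the original message and not code from the ipfw project: the script above warns that its precomputed rule_skip_N values fail once a rule carries an absolute number. One way around that is to queue the rules and resolve each relative skip after all rule numbers are known; queue_rule, resolve_rules and the "skipto +N" notation are hypothetical names used only here.

```shell
#!/bin/sh
# Added example (not from the original post): resolve relative skips in a
# second pass, after every rule number is known.
rule_first=500      # same defaults as the script in the post
rule_inc=10
rule_next=$rule_first
queue=""            # one "number rule-text" entry per line

# queue_rule [number] rule...  (hypothetical helper; "skipto +N" skips N rules)
queue_rule() {
    case "$1" in
        ''|*[!0-9]*) ;;                    # first word is not a rule number
        *) rule_next=$1; shift ;;
    esac
    queue="${queue}${rule_next} $*
"
    rule_next=$((rule_next + rule_inc))
}

# Print the "add" commands with each "+N" replaced by a real rule number.
# Fails instead of emitting a skipto that points past the last rule.
resolve_rules() {
    printf '%s' "$queue" | awk '
        { num[NR] = $1; sub(/^[0-9]+ /, ""); body[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++) {
                split(body[i], w, " ")
                if (w[1] == "skipto" && w[2] ~ /^\+[0-9]+$/) {
                    t = i + substr(w[2], 2) + 1
                    if (t > NR) {
                        print "rule " num[i] ": skip runs past the last rule" > "/dev/stderr"
                        exit 1
                    }
                    sub(/\+[0-9]+/, num[t], body[i])
                }
                print "add " num[i] " " body[i]
            }
        }'
}

# Constructed sample: the ruleset from the post, with one explicit rule number.
example_ruleset() {
    queue=""; rule_next=$rule_first
    queue_rule deny ip from 10.0.0.0/8 to any
    queue_rule skipto +1 ip from 192.168.1.0/24 to any
    queue_rule 1000 deny ip from 192.168.0.0/16 to any
    queue_rule count ip from any to any
    resolve_rules
}
example_ruleset
```

With the explicit 1000 removed from the sample, the second line resolves to skipto 530, matching the output shown in the message.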