Date:      Mon, 03 Jan 2005 16:40:22 -0600
From:      Paul Schmehl <pauls@utdallas.edu>
To:        Eric F Crist <ecrist@secure-computing.net>, Timothy Luoma <lists@tntluoma.com>
Cc:        FreeBSD-Questions Questions <freebsd-questions@freebsd.org>
Subject:   Re: my lame attempt at a shell script...
Message-ID:  <3E8DD18E8557227C2A3C8E5A@utd49554.utdallas.edu>
In-Reply-To: <D7D0CFB3-5DD5-11D9-B56F-000D9333E43C@secure-computing.net>
References:  <06DDB71C-5DB4-11D9-B56F-000D9333E43C@secure-computing.net> <15416223037.20050103193803@hexren.net> <6074EB8D-5DC6-11D9-89A5-000D93AD26C8@tntluoma.com> <F0BE3E23-5DC8-11D9-B56F-000D9333E43C@secure-computing.net> <41D9BA53.4060105@locolomo.org> <2DF07A46-5DD2-11D9-89A5-000D93AD26C8@tntluoma.com> <D7D0CFB3-5DD5-11D9-B56F-000D9333E43C@secure-computing.net>

--On Monday, January 03, 2005 04:21:41 PM -0600 Eric F Crist 
<ecrist@secure-computing.net> wrote:

> I believe this is my last question.  I need to do some math.  Anyone
> familiar with ipfw knows that you can add a rule with:
>
> ipfw add [num] my firewall rule
>
> What I'm trying to do is have that number auto-computed.  So, my command
> *should* look something like:
>
> $ipfwcmd add [rulenum1 + 50] my firewall rule $other $variables
>
> Make sense?  I just want to add a new rule, let it figure out the rule
> number.  That way, I can leave a space of 48 rules (for minor, on-the-fly
> tweaking, etc.)
>

First answer a question.  Are you wanting to write these rules on the fly? 
Or have them available for the next restart of the firewall?  Or both?

You have a problem, because you want to use one, generic script to set up 
multiple, varied firewalls.  In order for the script to work, you'll have 
to be able to calculate what number to use next based on what number was 
*last used* on *that* server.

There are several ways to solve that problem.  You could write a placemarker 
to a file.  (Silly, but easy.)  You could use rulesets, and just write a 
new line to a ruleset and let ipfw figure it out.  (Much better, I think.) 
If you also want to add the rule on the fly, you can just reload that 
ruleset.  That way you use a fixed name and number (e.g. on-the-fly_rules, 
set 2) and just add rules to the ruleset, then unload and reload the ruleset 
(ipfw set 2 disable; write the new rule to the ruleset; ipfw set 2 enable).

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
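An added example (not code from Eric's or Paul's messages, nor from FreeBSD) that does the arithmetic Eric asked about and prints the set-based sequence Paul describes: it reads `ipfw list` output, takes the highest existing user rule number plus a gap of 50 (Eric's figure), and emits the commands to add the rule into set 2 (Paul's example number) between an `ipfw set disable 2` and an `ipfw set enable 2`, written in the `set disable N` / `set enable N` form from ipfw(8). The listing it parses is constructed, nothing here calls ipfw, and the commands are printed rather than executed so they can be reviewed before being run as root on the firewall host.

```sh
#!/bin/sh
# Added example, not from the original thread. Computes the next ipfw rule
# number (highest existing rule + gap) from `ipfw list` output and prints,
# rather than runs, the commands that install a rule into a set by disabling
# the set, adding the rule to it and re-enabling the set. Nothing calls ipfw,
# so it can be checked on any POSIX shell; on the firewall host you would feed
# it real `ipfw list` output and pipe the printed commands to sh after review.

# Constructed sample of `ipfw list` output (not taken from a real host).
# 65535 is the kernel's implicit default rule and must not count as "ours".
SAMPLE_IPFW_LIST='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
01000 allow tcp from any to me dst-port 22 setup keep-state
65535 deny ip from any to any'

# Read an `ipfw list` listing on stdin and print the highest user rule number
# (0 if there is none). Lines whose first field is not a number, such as the
# "## Dynamic rules" header printed by `ipfw -d list`, are skipped.
highest_rule() {
    awk '$1 ~ /^[0-9]+$/ && $1 + 0 != 65535 { n = $1 + 0; if (n > max) max = n }
         END { print max + 0 }'
}

# next_rule LISTING [GAP]: highest rule in LISTING plus GAP (default 50).
# Fails instead of wrapping past 65534, the largest number a user rule may have.
next_rule() {
    _gap=${2:-50}
    _max=$(printf '%s\n' "$1" | highest_rule)
    _next=$((_max + _gap))
    if [ "$_next" -gt 65534 ]; then
        echo "next_rule: no rule number left below 65535 (would be $_next)" >&2
        return 1
    fi
    echo "$_next"
}

# add_to_set_cmds LISTING SET RULE...: print the three commands that install
# RULE into set SET at the computed number: disable the set, add the rule to
# it, re-enable the set. Printed only; nothing is executed here.
add_to_set_cmds() {
    _listing=$1; _set=$2; shift 2
    _num=$(next_rule "$_listing") || return 1
    printf 'ipfw set disable %s\n' "$_set"
    printf 'ipfw add %s set %s %s\n' "$_num" "$_set" "$*"
    printf 'ipfw set enable %s\n' "$_set"
}

# Stand-alone run: show the commands that would be issued for the sample.
add_to_set_cmds "$SAMPLE_IPFW_LIST" 2 allow tcp from any to me dst-port 80
```

For the sample listing this prints `ipfw add 1050 set 2 ...` bracketed by the disable and enable of set 2. Excluding 65535 matters: counting the default rule as the last one would push every computed number past the limit, which is why `next_rule` also refuses to hand back anything above 65534.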
