Date: Sun, 12 Jan 2003 17:05:59 +0100
From: "Simon L. Nielsen" <simon@nitro.dk>
To: "Scott M. Nolde" <scott@smnolde.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Feature Request
Message-ID: <20030112160558.GE348@nitro.dk>
In-Reply-To: <20030108145020.GA15778@smnolde.com>
References: <20030108145020.GA15778@smnolde.com>
On 2003.01.08 09:50:20 +0000, Scott M. Nolde wrote:
> Has there been consideration to make a "relative skip" function similar to
> skipto, where the number of rules are skipped relative to the rule itself?

I found this could be useful so I have implemented this in my own firewall
script to get the functionality like this:

    fwcmd_add deny ip from 10.0.0.0/8 to any
    fwcmd_add skipto ${rule_skip_1} ip from 192.168.1.0/24 to any
    fwcmd_add deny ip from 192.168.0.0/16 to any
    fwcmd_add count ip from any to any

When run, this gives:

    add 500 deny ip from 10.0.0.0/8 to any
    add 510 skipto 530 ip from 192.168.1.0/24 to any
    add 520 deny ip from 192.168.0.0/16 to any
    add 530 count ip from any to any

It is not perfect but it works...

The implementation is not complete yet but you can get the idea:

    is_num() {
        expr "$*" + 1 >/dev/null 2>&1
        return $?
    }

    rule_first=500
    rule_inc=10                 # How much to increment per rule
    rule_next=${rule_first}     # The next rule to use

    # Add a firewall rule
    fwcmd_add() {
        # Check if we have a rule number
        if is_num "$1"; then
            rule_next=$1
            shift
        fi

        ${fwcmd} add ${rule_next} $@
        rule_next=$((${rule_next} + ${rule_inc}))

        # Note: these are a bit odd since they are used by the next rule
        # Warning: These will FAIL if an absolute rule number is used in one of
        # the rules before the one being skipped to
        rule_skip_1=$((${rule_next} + ${rule_inc} * 2))
        rule_skip_2=$((${rule_next} + ${rule_inc} * 3))
        rule_skip_3=$((${rule_next} + ${rule_inc} * 4))
    }

--
Simon L. Nielsen
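
The warning in the script's comments (an absolute rule number used before the skip target) can be checked mechanically on the generated "add N ..." lines. The following is an added example, not part of the original message: check_skipto is a hypothetical helper name and both rule sets are constructed samples in the output format shown above.

```shell
#!/bin/sh
# Added example (not from the original message). check_skipto is a
# hypothetical helper name; both rule sets below are constructed samples.
#
# Reads "add N ..." lines on stdin and reports every skipto whose target
# is not the number of a rule in the set, or does not point forward.
# ipfw resumes at the first rule numbered >= the target, so a target that
# matches no rule lands on whatever rule happens to come next.
# Returns 0 when nothing is reported, 1 otherwise.
check_skipto() {
    awk '
        $1 == "add" && $2 ~ /^[0-9]+$/ {
            defined[$2 + 0] = 1
            if ($3 == "skipto" && $4 ~ /^[0-9]+$/) {
                n++; from[n] = $2 + 0; to[n] = $4 + 0
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (to[i] <= from[i]) {
                    printf "rule %d: skipto %d does not point forward\n", from[i], to[i]
                    bad = 1
                } else if (!(to[i] in defined)) {
                    printf "rule %d: skipto %d matches no rule number\n", from[i], to[i]
                    bad = 1
                }
            }
            exit bad
        }
    '
}

# Constructed sample 1: the generated rules shown in the message.
sample_ok='add 500 deny ip from 10.0.0.0/8 to any
add 510 skipto 530 ip from 192.168.1.0/24 to any
add 520 deny ip from 192.168.0.0/16 to any
add 530 count ip from any to any'

# Constructed sample 2: the third rule was added with an absolute number
# ("fwcmd_add 600 deny ..."), so the precomputed target 530 hits no rule.
sample_bad='add 500 deny ip from 10.0.0.0/8 to any
add 510 skipto 530 ip from 192.168.1.0/24 to any
add 600 deny ip from 192.168.0.0/16 to any
add 610 count ip from any to any'

printf '%s\n' "$sample_bad" | check_skipto || echo "ruleset needs review"
```

In the second sample the packet matched by rule 510 continues at rule 600, the deny rule it was meant to skip.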
