From: "Dan Mahoney, System Admin"
To: questions@freebsd.org
Date: Wed, 29 Nov 2006 14:38:46 -0500 (EST)
Message-ID: <20061129143557.S55795@prime.gushi.org>
Subject: Command to "dump" firewall rules to be persistent across reboots.

Hey all,

I'm experimenting with ipfw as a means of controlling some interesting anomalies, like with portsentry or some ssh anti-brute-force scripts (i.e. adding bad hosts to tables, adding deny rules for certain hosts, etc.), and I was wondering if there was (either in the form of a script, or a builtin command I can't find) some way to just "dump" all the ipfw data (pipes, queues, tables, etc.) to a single file to be re-read on boot?

I'd be willing to try and write something like this if it doesn't already exist, but I'm rather surprised it doesn't.

-Dan Mahoney

--

"A single death is a tragedy. A million deaths is a statistic."
-Josef Stalin, As quoted on the cover to Savatage's "Dead Winter Dead"

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------