Date: Tue, 8 Apr 2003 16:59:48 -0400
From: Asenchi <asenchi@asenchi.com>
To: freebsd-questions@freebsd.org
Subject: ipfw: missing ")" ?????
Message-ID: <20030408165948.6b1fd1d7.asenchi@asenchi.com>
[-- Attachment #1 --]

Hello All,

Another question (I hope this one isn't as obvious as before :)). I am loading a new ruleset that uses IPFW2 and I get this error 4 times after a /etc/netstart:

ipfw: missing ")"

My ruleset is attached. Thanks for any help in advance.

Curt Micol

[-- Attachment #2 --]

#!/bin/sh
#####
#$Id: rc.firewall,v 1.14 2003/04/07 03:20:40 asenchi Exp $
#FIREWALL RULES
# These rules were created from the howto located here:
# http://www.freebsd-howto.com/HOWTO/ipfw-HOWTO
# More information is available at:
# http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
# On 04/07/2003 these rules were changed to use IPFW2.
#####

fwcmd="/sbin/ipfw -q"

oif="rl0"
onet="`ifconfig rl0 | grep "inet " | awk '{print $6}'`"
omask="`ifconfig rl0 | grep "inet " | awk '{print $4}'`"
oip="`ifconfig rl0 | grep "inet " | awk '{print $2}'`"

#iif="rl0"
#inet="192.168.0.0"
#imask="255.255.255.0"
#iip="192.168.0.1"

ftp="{ 64.x.x.x \
or 64.x.x.0/24 \
or ftp.freebsd.org \
or cvsup3.freebsd.org \
or ftp3.freebsd.org \
or ftp12.freebsd.org \
or ftp.sourceforge.net }"

goodguys="{ 192.168.0.0/24 or 64.x.x.x/29 or 198.x.x.x }"

any_any="from any to any"
ipany_any="ip from any to any"
tcpany_any="tcp from any to any"
udpany_any="udp from any to any"

$fwcmd -f flush

##### Natd #####
$fwcmd add 00050 divert natd all $any_any via $oif

##### localhost #####
$fwcmd add 00100 pass all $any_any via lo0
$fwcmd add 00101 deny all from any to 127.0.0.0/8
$fwcmd add 00102 deny ip from 127.0.0.0/8 to any

##### Local Stuff #####
# $fwcmd add 01000 allow all from $onet:$omask to $inet:$imask via vr0
# $fwcmd add 01100 allow all from $inet:$imask to any via rl0

##### Fragmented Packets #####
$fwcmd add 01200 pass all $any_any frag

##### ssh #####
$fwcmd add 01900 allow tcp from $goodguys to me dst-port 22

##### needed ports #####
$fwcmd add 02000 pass $tcpany_any dst-port 23,25,110,443,5190,5999,8080,8383

##### Gkrellm monitor #####
$fwcmd add 02200 allow { udp or tcp } from me to \
{ 192.168.0.0/24 or 64.x.x.x/29 or 12.x.x.x/16 } dst-port 19150

##### NetOp #####
$fwcmd add 02300 allow { udp or tcp } $any_any dst-port 6501-6503

##### log port 80 #####
$fwcmd add 04200 allow log logamount 100 $tcpany_any dst-port 80

##### ping connections #####
$fwcmd add 07000 allow icmp $any_any out icmptypes 8
$fwcmd add 07100 allow icmp $any_any in icmptypes 0
$fwcmd add 07200 deny icmp $any_any in icmptypes 8

##### FTP Rules #####
$fwcmd add 11000 pass tcp from $ftp to any established
$fwcmd add 12000 pass tcp from $ftp 20 to any setup
$fwcmd add 14000 pass tcp from any to $ftp 1024-59999 setup
$fwcmd add 15000 pass tcp from any to $ftp 21 setup

##### log denied packets #####
$fwcmd add 60000 deny log logamount 100 all from any to me
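The four bare 'missing ")"' lines carry no rule number. As an added shell example, not part of Curt's post or of FreeBSD itself, the script below runs each rule through a syntax-only check on its own so the failing rule numbers are reported before anything is loaded; it assumes the installed ipfw accepts -n (check syntax without loading) and falls back to a stub checker, on a constructed sample ruleset, where ipfw is not present.

```shell
#!/bin/sh
# Added example (not from the original post): check each ipfw rule on its own
# so a parse error can be tied to a rule number. Assumption: the installed
# ipfw accepts -n (check syntax, do not load). Input: one rule per line, the
# text that would follow "ipfw add", with variables such as $any_any expanded.

# Checker command; defaults to the real ipfw, overridable for offline use.
: "${FWCHECK:=/sbin/ipfw -n -q add}"

# Stand-in checker used when ipfw is not installed: it only detects an
# or-block whose "{" or "(" is never closed and does not reproduce ipfw's
# full parser.
stub_check() {
    opens=$(printf '%s\n' "$*" | tr -cd '{(' | wc -c)
    closes=$(printf '%s\n' "$*" | tr -cd '})' | wc -c)
    [ $((opens)) -eq $((closes)) ]
}

# check_rules FILE: print the number of every rule that fails the check;
# return 1 if any rule failed, 0 if all passed.
check_rules() {
    file=$1
    bad=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        case $rule in ''|'#'*) continue ;; esac   # skip blanks and comments
        num=${rule%% *}
        # Unquoted on purpose: the rule must be split into separate words.
        if ! $FWCHECK $rule </dev/null >/dev/null 2>&1; then
            echo "$num"
            bad=1
        fi
    done <"$file"
    return $bad
}

# Demo on a constructed ruleset; the 01900 rule lacks its closing brace.
command -v /sbin/ipfw >/dev/null 2>&1 || FWCHECK=stub_check
tmp=$(mktemp)
cat >"$tmp" <<'EOF'
00100 pass all from any to any via lo0
01900 allow tcp from { 192.0.2.0/24 or 198.51.100.1 to me dst-port 22
60000 deny log logamount 100 all from any to me
EOF
check_rules "$tmp" || echo "ruleset has errors; do not load it"
rm -f "$tmp"
```

Running the checker over the expanded rules of the attached script before /etc/netstart turns four anonymous messages into a list of rule numbers to look at.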
