From owner-freebsd-questions@FreeBSD.ORG Sun Jul 18 17:43:58 2004
Date: Sun, 18 Jul 2004 11:43:54 -0600 (MDT)
From: Aaron Dalton
To: freebsd-questions@freebsd.org
Subject: ipfw rule deletion

I am using Doorman (http://doorman.sourceforge.net) as a port knocking daemon and I need to write a short script that adds rules to and deletes rules from the ipfw firewall. I can add them just fine, but I can't find the best way to delete them. Is the only way to specify the exact rule number?
Below is the add script itself. Thanks for your help!

#!/bin/sh
#
# file "ipfw_add"
# Sample firewall-add script, called by "doormand".
# This example can be used by systems which use ipfw.
#
# Called with five arguments:
#
# $1 : name of the interface (e.g. eth0)
# $2 : source IP; i.e. dotted-decimal address of the 'knock' client
# $3 : source port; when this script is called for the first time
#      for a connection (man 8 doormand), this argument will be set
#      to a single "0" (0x30) character. This means that the source
#      port is not yet known, and a broad rule allowing any source
#      port is required.
# $4 : destination IP; that is, the IP address of the interface
#      in argument 1.
# $5 : The port number of the requested service (e.g. 22 for ssh, etc.)
#
#
if [ "$3" = 0 ]
then
    # Source port unknown yet: allow any source port from the knock client
    ipfw add allow log tcp from "$2" to "$4" "$5" in setup keep-state
else
    # Source port known: narrow the rule to that one source port
    ipfw add allow log tcp from "$2" "$3" to "$4" "$5" in setup keep-state
fi
err=$?
# doormand reads the first line of output as the script's status code
if [ "$err" = 0 ]
then
    echo 0
else
    echo "$err"
    echo "The firewall_add script sez: \"Dang.\""
fi

--
Aaron Dalton
acdalton@ucalgary.ca
PGPKeyID# 0x65AB5571
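Added example, not from the post or from the Doorman project: since ipfw deletes by rule number, a companion delete script can recover the numbers by matching the knock client's address and the service port in `ipfw list` output (whose layout is assumed here), or avoid the lookup entirely by choosing the number at add time. The rule listing and the numbering scheme are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ipfw list` output (format assumed: 5-digit rule
# number first, then the rule body as ipfw prints it). Compare with a real
# `ipfw list` on your box before relying on the field positions.
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 allow log tcp from 192.0.2.10 to 198.51.100.5 22 in setup keep-state
00210 allow log tcp from 192.0.2.10 40123 to 198.51.100.5 22 in setup keep-state
00300 allow log tcp from 192.0.2.11 to 198.51.100.5 22 in setup keep-state
65535 deny ip from any to any'

# knock_rule_numbers SRC DST PORT RULES
# Print the numbers of rules allowing SRC -> DST port PORT, one per line.
# Accepts both "to DST PORT" and "to DST dst-port PORT" spellings.
knock_rule_numbers() {
    printf '%s\n' "$4" | awk -v src="$1" -v dst="$2" -v port="$3" '
        $1 ~ /^[0-9]+$/ {
            ok_src = 0; ok_dst = 0
            for (i = 2; i < NF; i++) {
                if ($i == "from" && $(i+1) == src) ok_src = 1
                if ($i == "to" && $(i+1) == dst &&
                    ($(i+2) == port || ($(i+2) == "dst-port" && $(i+3) == port)))
                    ok_dst = 1
            }
            if (ok_src && ok_dst) print $1 + 0
        }'
}

# delete_cmds SRC DST PORT RULES
# Emit one "ipfw -q delete N" per matching rule (dry run: printed, not run).
delete_cmds() {
    knock_rule_numbers "$@" | while read -r n; do
        printf 'ipfw -q delete %s\n' "$n"
    done
}

# Alternative that needs no lookup: pick the rule number when adding
# ("ipfw add NUM allow ..."), then delete that same number later. Deriving it
# from the knock client's last octet is an assumed scheme; any mapping that is
# unique per client works.
rule_number_for() {                      # rule_number_for SRC_IP
    echo "$1" | awk -F. '{ print 10000 + $4 }'
}

# Live use from a doormand delete script would be:
#   delete_cmds "$2" "$4" "$5" "$(ipfw list)" | sh
```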