Date:      Sun, 18 Jul 2004 11:43:54 -0600 (MDT)
From:      Aaron Dalton <acdalton@ucalgary.ca>
To:        freebsd-questions@freebsd.org
Subject:   ipfw rule deletion
Message-ID:  <Pine.A41.4.44.0407181139490.22800-100000@acs1.acs.ucalgary.ca>

I am using Doorman (http://doorman.sourceforge.net) as a port knocking
daemon and I need to write a short script that adds and deletes rules to
the ipfw firewall.  I can add them just fine, but I can't find the best
way to delete them.  Is the only way to specify the exact rule number?
Below is the add script itself.  Thanks for your help!

#!/bin/sh
#
#  file "ipfw_add"
#  Sample firewall-add script, called by "doormand".
#  This example can be used by systems which use ipfw.
#
#  Called with five arguments:
#
# $1 : name of the interface (e.g. eth0)
# $2 : source IP; i.e. dotted-decimal address of the 'knock' client
# $3 : source port; when this script is called for the first time
#      for a connection (man 8 doormand), this argument will be set
#      to a single "0" (0x30) character.  This means that the source
#      port is not yet known, and a broad rule allowing any source
#      port is required.
# $4 : destination IP; that is, the IP address of the interface
#      in argument 1.
# $5 : The port number of the requested service (e.g. 22 for ssh, etc.)
#
#
if [ "$3" = "0" ]
then
    # source port not yet known: allow any source port from the knock client
    ipfw add allow log tcp from "$2" to "$4" "$5" in setup keep-state
else
    ipfw add allow log tcp from "$2" "$3" to "$4" "$5" in setup keep-state
fi

# exit status of the ipfw command in whichever branch ran
err=$?

if [ "$err" = 0 ]
then
    echo 0
else
    echo "$err 3 The firewall_add script sez: Dang."
fi


-- 
Aaron Dalton
acdalton@ucalgary.ca
PGPKeyID# 0x65AB5571
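One way to make the delete side deterministic, added here as an example and not Doorman's or the poster's code: the add script chooses a rule number from a reserved range, records it in a per-client state file, and the delete script removes exactly that number. The range RULE_MIN..RULE_MAX, the STATE_DIR location, the ipfw_add/ipfw_delete script names and the IPFW override (for dry runs on a box without ipfw) are assumptions; the "0" / "<err> 3 <msg>" reply format mirrors the script in the post.

```shell
#!/bin/sh
# Added example: ipfw add/delete pair for a knock daemon that records the
# rule number it chose, so the delete side never has to parse "ipfw list".
# RULE_MIN/RULE_MAX, STATE_DIR and the IPFW override are assumptions.
RULE_MIN=10000
RULE_MAX=19999

state_dir() { printf '%s\n' "${STATE_DIR:-/var/run/doorman}"; }

# State file for one client: <ip>_<port>.rule, holding the rule number.
state_file() { printf '%s/%s_%s.rule\n' "$(state_dir)" "$1" "$2"; }

# Lowest number in the reserved range not recorded by any state file.
next_rule_number() {
    n=$RULE_MIN
    while [ "$n" -le "$RULE_MAX" ]; do
        if ! grep -qsx "$n" "$(state_dir)"/*.rule; then
            echo "$n"
            return 0
        fi
        n=$((n + 1))
    done
    return 1    # range exhausted
}

# knock_add IFACE SRC_IP SRC_PORT DST_IP DST_PORT   (doormand's five arguments)
knock_add() {
    if [ "$3" = "0" ]; then src="$2"; else src="$2 $3"; fi  # port 0 = not yet known
    mkdir -p "$(state_dir)"
    num=$(next_rule_number) || return 1
    # $src is deliberately unquoted: "ip port" must become two ipfw tokens
    ${IPFW:-ipfw} -q add "$num" allow log tcp from $src to "$4" "$5" in setup keep-state || return 1
    echo "$num" > "$(state_file "$2" "$3")"
}

# knock_del takes the same five arguments and removes only the rule added for them.
knock_del() {
    f=$(state_file "$2" "$3")
    num=$(cat "$f" 2>/dev/null) || return 1   # nothing recorded for this client
    ${IPFW:-ipfw} -q delete "$num" && rm -f "$f"
}

# Install the same file as ipfw_add and ipfw_delete (names assumed); the
# reply format ("0" on success, "<err> 3 <msg>" on failure) mirrors the posted script.
case "${0##*/}" in
    ipfw_add)    knock_add "$@" && echo 0 || echo "$? 3 ipfw add failed" ;;
    ipfw_delete) knock_del "$@" && echo 0 || echo "$? 3 ipfw delete failed" ;;
esac
```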