From owner-freebsd-questions@FreeBSD.ORG  Sun Jul 18 18:46:14 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DF4E516A4CE
	for <freebsd-questions@freebsd.org>;
	Sun, 18 Jul 2004 18:46:14 +0000 (GMT)
Received: from smtp1.utdallas.edu (smtp1.utdallas.edu [129.110.10.12])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 938AE43D2D
	for <freebsd-questions@freebsd.org>;
	Sun, 18 Jul 2004 18:46:14 +0000 (GMT)
	(envelope-from pauls@utdallas.edu)
Received: from [192.168.2.102] (adsl-68-95-23-185.dsl.rcsntx.swbell.net
	[68.95.23.185])
	by smtp1.utdallas.edu (Postfix) with ESMTP id 0F15F388D91;
	Sun, 18 Jul 2004 13:46:14 -0500 (CDT)
Date: Sun, 18 Jul 2004 13:46:15 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: Aaron Dalton <acdalton@ucalgary.ca>,
	freebsd-questions@freebsd.org
Message-ID: <2147483647.1090158375@[192.168.2.102]>
In-Reply-To: <Pine.A41.4.44.0407181139490.22800-100000@acs1.acs.ucalgary.ca>
References: <Pine.A41.4.44.0407181139490.22800-100000@acs1.acs.ucalgary.ca>
X-Mailer: Mulberry/3.0.3 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: Re: ipfw rule deletion
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Paul Schmehl <pauls@utdallas.edu>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jul 2004 18:46:15 -0000

--On Sunday, July 18, 2004 11:43 AM -0600 Aaron Dalton 
<acdalton@ucalgary.ca> wrote:

> I am using Doorman (http://doorman.sourceforge.net)as a port knocking
> daemon and I need to write a short script that adds and deletes rules to
> the ipfw firewall.  I can add them just fine, but I can't find the best
> way to delete them.  Is the only way to specify the exact rule number?

Yes.

Just use awk to extract the number.  One way to handle it would be to write 
each add rule to a text file.  Then, when you want to delete the rule, you 
grab the IP address from the text file, and then use awk to find the right 
rule.  Something like this:

${fwcmd} delete `awk '/$IP/ {print $1}'`

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu