Date: Wed, 04 Dec 2002 16:02:33 -0500
From: Steve Bertrand <iaccounts@northnetworks.ca>
To: freebsd-ipfw@freebsd.org
Subject: Re: Auto-recover
Message-ID: <3DEE6D69.1080504@northnetworks.ca>
References: <3DEE16D7.1020706@northnetworks.ca> <3DEE39C3.5040704@northnetworks.ca> <000901c29bbb$7bb4a0a0$4635a8c0@sloniki>

change_rules.sh should be located in

# /usr/share/examples/ipfw/

After reviewing the code, it appears it will not function as required for me. I have converted my firewall script to Perl, and am building a setup that will enable me to set the flush rule dynamically, therefore allowing me to only load rules from a certain point down.

I am hoping that this will enable me to retain the top few rules, allowing me to remain connected to the server as the new rules are loaded. No loss of connectivity, therefore, no chance of having to drive 100 miles to manually reload the fw.

I am far more capable programming in Perl or C as opposed to writing shell scripts, so I will gain future expandability of the new script.

Thanks for all help!!

Nikolaev D./ MTS wrote:

>You have to do:
>1. run "sleep 10 && /bla-bla-bla/change_rules.sh &"
>2. then do not wait but logout: "exit"
>3. reconnect after some time (10 seconds for example).
>
>Or I did not understand you correctly ? Show "change_rules.sh" please.
>
>----- Original Message -----
>From: "Steve Bertrand" <iaccounts@northnetworks.ca>
>To: "freebsd-ipfw" <freebsd-ipfw@FreeBSD.ORG>
>Sent: Wednesday, December 04, 2002 8:22 PM
>Subject: Re: Auto-recover
>
>>Thanks for the suggestions, but neither worked. The bash command failed
>>with a syntax error, and it appears that the unit sleeps for 10 seconds,
>>then edits the script. The same problem occurred.
>>
>>The fw program did not install correctly on my box, besides, it is not
>>exactly what I need at this point. I will take a look at it though and
>>will likely use some of the code for my own purposes.
>>
>>All I want to do is execute the ipfw script from a remote location and
>>have it revert back if I can't get in.
>>
>>I think what I will do is write a perl script that will run the new
>>script, watch for new ssh connections with my username, and revert to
>>the old rules if no connection has been established within a set time.
>>
>>Now that I think about it, perhaps scrambling up the commands in
>>Nikolaev's reply may help me on my way.
>>
>>Steve
>>
>>Steve Bertrand wrote:
>>
>>>No matter what I do, the auto-recover script (change_rules.sh) will
>>>not process my new rules properly when connected via ssh. I suspect
>>>that this is due to the flush at the top of my rules script. After
>>>modification of my firewall script, I have to log back into the box
>>>and the old rules are re-loaded.
>>>Is there something special that I have to add or remove from my
>>>ruleset to make this process work properly?
>>>
>>>Tks,
>>>Steve
>>>
>>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>>with "unsubscribe freebsd-ipfw" in the body of the message
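
The revert-unless-confirmed behaviour discussed in this thread, as an added example in sh (not part of the original messages, and not the change_rules.sh shipped with FreeBSD). The function name, the confirmation-file mechanism and all paths are assumptions; the apply and revert commands are supplied by the caller.

```shell
#!/bin/sh
# Added example: apply a new ruleset, then revert automatically unless the
# operator confirms (by creating a file) that they can still log in.
#
# apply_with_rollback APPLY_CMD REVERT_CMD CONFIRM_FILE TIMEOUT_SECS
#   returns 0  new rules kept (confirmation seen in time)
#           1  timed out, REVERT_CMD was run
#           2  APPLY_CMD itself failed, REVERT_CMD was run
apply_with_rollback() {
    apply_cmd=$1 revert_cmd=$2 confirm=$3 timeout=$4

    # A stale confirmation from an earlier run must not count.
    rm -f "$confirm"

    if ! sh -c "$apply_cmd"; then
        sh -c "$revert_cmd"
        return 2
    fi

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Nobody confirmed: assume the operator is locked out.
    sh -c "$revert_cmd"
    return 1
}

# Typical use over ssh (hypothetical file names). The job is detached and its
# output redirected so that a dropped session cannot kill or block it:
#
#   nohup sh -c '. ./safe_reload.sh; apply_with_rollback \
#       "sh /etc/ipfw.rules.new" "sh /etc/ipfw.rules" \
#       /var/run/ipfw.confirm 60' >/var/log/safe_reload.log 2>&1 &
#
# Then reconnect and run: touch /var/run/ipfw.confirm
# Keep CONFIRM_FILE in a directory only root can write, so that no other
# local user can confirm a ruleset on the operator's behalf.
```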