From: Steve Bertrand
Date: Wed, 04 Dec 2002 16:02:33 -0500
To: freebsd-ipfw@freebsd.org
Subject: Re: Auto-recover

change_rules.sh should be located in
# /usr/share/examples/ipfw/

After reviewing the code, it appears it will not function as required for me. I have converted my firewall script to perl, and am building a setup that will enable me to set the flush rule dynamically, therefore allowing me to only load rules from a certain point down. I am hoping that this will enable me to retain the top few rules, allowing me to remain connected to the server as the new rules are loaded.

No loss of connectivity, therefore, no chance of having to drive 100 miles to manually reload the fw.
I am far more capable programming in perl or c as opposed to writing shell scripts, so I will gain future expandability of the new script.

Thanks for all help!!

Nikolaev D./ MTS wrote:

>You have to do:
>1. run "sleep 10 && /bla-bla-bla/change_rules.sh &"
>2. then do not wait but logout: "exit"
>3. reconnect after some time (10 seconds for example).
>
>Or I did not understand you correctly? Show "change_rules.sh" please.
>
>----- Original Message -----
>From: "Steve Bertrand"
>To: "freebsd-ipfw"
>Sent: Wednesday, December 04, 2002 8:22 PM
>Subject: Re: Auto-recover
>
>>Thanks for the suggestions, but neither worked. The bash command failed
>>with a syntax error, and it appears that the unit sleeps for 10 seconds,
>>then edits the script. The same problem occurred.
>>
>>The fw program did not install correctly on my box, besides, it is not
>>exactly what I need at this point. I will take a look at it though and
>>will likely use some of the code for my own purposes.
>>
>>All I want to do is execute the ipfw script from a remote location and
>>have it revert back if I can't get in.
>>
>>I think what I will do is write a perl script that will run the new
>>script, watch for new ssh connections with my username, and revert to
>>the old rules if no connection has been established within a set time.
>>
>>Now that I think about it, perhaps scrambling up the commands in
>>Nikolaev's reply may help me on my way.
>>
>>Steve
>>
>>Steve Bertrand wrote:
>>
>>>No matter what I do, the auto-recover script (change_rules.sh) will
>>>not process my new rules properly when connected via ssh. I suspect
>>>that this is due to the flush at the top of my rules script. After
>>>modification of my firewall script, I have to log back into the box
>>>and the old rules are re-loaded.
>>>Is there something special that I have to add or remove from my
>>>ruleset to make this process work properly?
>>>
>>>Tks,
>>>Steve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
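
The "load the new rules and revert if I can't get back in" idea from this thread, as an added sh example; it is not part of any message above and is not FreeBSD's change_rules.sh. Assumptions: the name `apply_with_rollback`, the `RULE_LOADER` variable and the confirmation file are hypothetical, both rulesets are sh scripts that call ipfw, and creating a file after reconnecting stands in for watching for new ssh logins.

```shell
#!/bin/sh
# Added example: dead-man's switch for reloading firewall rules remotely.
# Run it detached from the ssh session, with output redirected, so a
# dropped connection cannot stall or kill it (paths below are constructed):
#   nohup sh safe_reload.sh /etc/fw.new /etc/fw.old 120 /tmp/fw.ok \
#       >/dev/null 2>&1 &
# then reconnect and run `touch /tmp/fw.ok` to keep the new rules.

# apply_with_rollback NEW OLD TIMEOUT CONFIRM_FILE
# Returns 0 if the new rules were confirmed and kept,
#         1 if no confirmation arrived and the old rules were reloaded,
#         2 if a ruleset is unreadable or the new ruleset failed to load.
apply_with_rollback() {
    new=$1 old=$2 timeout=$3 confirm=$4
    loader=${RULE_LOADER:-sh}          # hypothetical override, e.g. "perl"

    [ -r "$new" ] && [ -r "$old" ] || return 2
    rm -f "$confirm"                   # a stale file must not count as "ok"

    # A ruleset that errors out halfway may leave a partial rule table,
    # so put the known-good rules back immediately.
    if ! $loader "$new"; then
        $loader "$old"
        return 2
    fi

    # Wait for the operator to prove they can still reach the box.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Nobody confirmed in time: assume lock-out and restore the old rules.
    $loader "$old"
    return 1
}

# Run directly only when called with the four arguments shown above.
if [ "$#" -eq 4 ]; then
    apply_with_rollback "$@"
    exit $?
fi
```

Because the old ruleset is reloaded by the script itself, a flush at the top of the new ruleset only costs the current ssh session, not access to the machine.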