Date:      Thu, 30 Jun 2005 10:06:08 -0500
From:      Kevin Kinsey <kdk@daleco.biz>
To:        Norberto Meijome <freebsd@meijome.net>
Cc:        "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Subject:   Re: Shell script help
Message-ID:  <42C40A60.8010508@daleco.biz>
In-Reply-To: <42C224E2.1070003@meijome.net>
References:  <MIEPLLIBMLEEABPDBIEGCEOCHHAA.fbsd_user@a1poweruser.com>	<1120015025.659.12.camel@chaucer>	<42C21862.6010700@daleco.biz> <42C224E2.1070003@meijome.net>

Norberto Meijome wrote:

> Kevin Kinsey wrote:
>
>>
>> =================
>>
>> # Rule number variable
>>   RuleNum=100
>>
>> #################################
>> # this function increments $RuleNum var by 100... #
>> #################################
>>
>> inc () {
>>   RuleNum=$(expr $1 "+" 100)
>> }
>>
>>
>> ##################
>> #   LET'S GET STARTED   #
>> ##################
>>
>> # flush the ruleset ...
>>   /sbin/ipfw -q flush
>>
>> # set up the loopback ...
>>   $FW $RuleNum allow ip from any to any via $loopback
>>   inc $RuleNum
>>
>> # deny localhost traffic on other interfaces
>>   $FW $RuleNum deny ip from 127.0.0.0/8 to any
>>   inc $RuleNum
>>   $FW $RuleNum deny ip from any to 127.0.0.0/8
>>   inc $RuleNum
>>
>> ==================
>
>
> nice use...but what's the point ? ipfw assigns rule #s automatically.
>
> I agree that you may want to hardcode your rule #s (0-100
> for localhost, 200 - 5000 for LAN, etc) but using your inc() process
> defeats the purpose of this.
>
> just my $0.02
> Beto


Well, I was tired of hardcoding rule numbers, and wanted
the script to do it for me and still have "gaps".

IIRC, when I wrote this one, I wanted a gap larger than 100
between certain sets of rules, so I needed to have control
over $RuleNum instead of letting ipfw do it.  A do...while
farther down allows for addition of new rules in the
upper section while keeping the next section starting at
foo-thousand.

I did say I didn't know if it was a great script, but it's
a slightly more advanced example of sh(1) scripting.
In part, it was a learning exercise for me....

HAND,

Kevin Kinsey
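
The gap-preserving numbering described in this message, as an added example that is not Kevin's script or part of the original thread: it replaces the do...while he mentions with an arithmetic jump to the next section boundary. `record_rule`, `next_section`, `STEP`, `SECTION`, `MAX_RULE`, the interface name and the LAN subnet are assumptions; `$FW` records rules instead of calling ipfw so the numbering can be checked as a dry run.

```shell
#!/bin/sh
# Added example: dry-run of ipfw rule numbering with gaps and fixed sections.

RuleNum=100        # current rule number, as in the quoted script
STEP=100           # gap between consecutive rules
SECTION=1000       # assumed: each section starts on a multiple of this
MAX_RULE=65534     # ipfw reserves 65535 for the default rule
RULES=""           # recorded rules, one per line
FW=record_rule     # stand-in for "/sbin/ipfw -q add"

# Record a rule instead of loading it into the kernel.
record_rule() {
  RULES="${RULES}add $*
"
}

# Advance RuleNum by one step, refusing to run past the usable range.
inc() {
  RuleNum=$((RuleNum + STEP))
  if [ "$RuleNum" -gt "$MAX_RULE" ]; then
    echo "rule number $RuleNum exceeds $MAX_RULE" >&2
    return 1
  fi
}

# Jump to the start of the next section, e.g. 300 -> 1000, 1000 -> 2000,
# so rules added to an earlier section never shift the later ones.
next_section() {
  RuleNum=$(( (RuleNum / SECTION + 1) * SECTION ))
  [ "$RuleNum" -le "$MAX_RULE" ] || { echo "out of rule numbers" >&2; return 1; }
}

# Build a two-section ruleset (loopback section, then a constructed LAN section).
build_ruleset() {
  loopback=lo0
  $FW "$RuleNum" allow ip from any to any via "$loopback"; inc || return 1
  $FW "$RuleNum" deny ip from 127.0.0.0/8 to any;          inc || return 1
  $FW "$RuleNum" deny ip from any to 127.0.0.0/8
  next_section || return 1
  $FW "$RuleNum" allow ip from 192.168.1.0/24 to any;      inc || return 1
}

build_ruleset && printf '%s' "$RULES"
```

Reviewing the printed rule list before pointing `FW` at the real command catches numbering collisions and out-of-range numbers without touching the live ruleset.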


