From owner-freebsd-questions@FreeBSD.ORG Thu Jun 30 15:06:54 2005
Message-ID: <42C40A60.8010508@daleco.biz>
Date: Thu, 30 Jun 2005 10:06:08 -0500
From: Kevin Kinsey
To: Norberto Meijome
Cc: "freebsd-questions@FreeBSD. ORG"
Subject: Re: Shell script help
References: <1120015025.659.12.camel@chaucer> <42C21862.6010700@daleco.biz> <42C224E2.1070003@meijome.net>
In-Reply-To: <42C224E2.1070003@meijome.net>

Norberto Meijome wrote:

> Kevin Kinsey wrote:
>
>>
>> =================
>>
>> # Rule number variable
>> RuleNum=100
>>
>> #################################
>> # this function increments $RuleNum var by 100... #
>> #################################
>>
>> inc () {
>>     RuleNum=$(expr $1 "+" 100)
>> }
>>
>>
>> ##################
>> # LET'S GET STARTED #
>> ##################
>>
>> # flush the ruleset ...
>> /sbin/ipfw -q flush
>>
>> # set up the loopback ...
>> $FW $RuleNum allow ip from any to any via $loopback
>> inc $RuleNum
>>
>> # deny localhost traffic on other interfaces
>> $FW $RuleNum deny ip from 127.0.0.0/8 to any
>> inc $RuleNum
>> $FW $RuleNum deny ip from any to 127.0.0.0/8
>> inc $RuleNum
>>
>> ==================
>
>
> nice use...but what's the point ? ipfw assigns rule #s automatically.
>
> I agree that you may want to hardcode your rule #s (0-100
> for localhost, 200 - 5000 for LAN, etc) but using your inc() process
> defeats the purpose of this.
>
> just my $0.02
> Beto

Well, I was tired of hardcoding rule numbers, and wanted the script to do it for me and still have "gaps". IIRC, when I wrote this one, I wanted a gap larger than 100 between certain sets of rules, so I needed to have control over $RuleNum instead of letting ipfw do it. A do...while farther down allows for addition of new rules in the upper section while keeping the next section starting at foo-thousand.

I did say I didn't know if it was a great script, but it's a slightly more advanced example of sh(1) scripting. In part, it was a learning exercise for me....

HAND,

Kevin Kinsey
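
The numbering scheme discussed in this thread (a fixed gap between rules, with a later block of rules pinned to a section boundary) can be sketched as below. This is an added example, not part of the original message or the poster's script: `FW` is set to echo the command instead of running ipfw, and `SECTION`, `MAX_RULE`, `next_section`, `rule`, `build_ruleset`, the `lo0` interface and the last rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script. Dry run: FW only echoes the command.
FW="echo ipfw add"   # assumption: the real script sets FW to an "ipfw ... add" command
STEP=100             # gap between consecutive rules, as in the quoted script
SECTION=1000         # hypothetical section size (the "foo-thousand" boundary)
MAX_RULE=65534       # ipfw reserves rule 65535 for the default rule
RuleNum=$STEP

# Advance RuleNum by STEP. Call it directly, never inside $(...): a command
# substitution runs in a subshell and the new value would be lost.
inc() {
    RuleNum=$((RuleNum + STEP))
}

# Round RuleNum up to the next SECTION boundary, so a later block of rules
# keeps its starting number when rules are added to the block above it.
next_section() {
    RuleNum=$(( (RuleNum + SECTION - 1) / SECTION * SECTION ))
}

# Emit one rule at the current number, then step to the next number.
# Refuses to emit a number outside the range ipfw accepts for user rules.
rule() {
    if [ "$RuleNum" -gt "$MAX_RULE" ]; then
        echo "rule number $RuleNum exceeds $MAX_RULE" >&2
        return 1
    fi
    $FW "$RuleNum" "$@" && inc
}

build_ruleset() {
    RuleNum=$STEP
    rule allow ip from any to any via lo0   # lo0 stands in for $loopback
    rule deny ip from 127.0.0.0/8 to any
    rule deny ip from any to 127.0.0.0/8
    next_section                            # 400 rounds up to 1000
    rule allow tcp from any to me 22 setup  # constructed rule for the second section
}

build_ruleset
```

Adding a fourth loopback rule would use number 400 and leave the second section at 1000, which ipfw's automatic numbering cannot guarantee.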