Date: Thu, 25 Nov 1999 07:33:13 -0800
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Tony Landells <ahl@austclear.com.au>
Cc: ipfw@freebsd.org, arch@freebsd.org
Subject: Re: new IPFW
Message-ID: <199911251534.HAA67071@cwsys.cwsent.com>
In-Reply-To: Your message of "Thu, 25 Nov 1999 08:48:10 +1100." <199911242148.IAA25984@tungsten.austclear.com.au>

In message <199911242148.IAA25984@tungsten.austclear.com.au>, Tony Landells writes:
> I'd be much happier with something in ipfw that just marked the next line
> number to be used, preferably in a way that I could get it to move to the
> next "grouping"--like "set the next rule number to the next multiple of
> 1000".

This is what I use in one of my dialup scripts at home:

    #!/usr/local/bin/bash -
    #
    # Generic firewall routines.
    #
    fw() {
            set $@
            if /sbin/ipfw -q $@; then
                    :
            else
                    /usr/bin/logger -t "net[$$]" -p auth.error error in: /sbin/ipfw -q $@
                    echo error in: /sbin/ipfw -q $@
            fi
    }

    firewall() {
            set $@
            fw add $NUMBER $@
            let NUMBER=$NUMBER+1
    }

    ...

    NUMBER=23000
    fw add 29998 reset log ...
    firewall deny log ...
    firewall deny log ...

    ...

    NUMBER=1100
    for SYSTEM in $SERVERS; do
            firewall divert natd ... out via $DEVICE
            firewall divert natd ... in via $DEVICE
            firewall accept ip ... out via $DEVICE
            firewall accept ip ... in via $DEVICE
    done

    ...

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"
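
The counter approach in the message above, extended with the "move to the next multiple of 1000" step from the quoted request, as an added example that is not part of the original message or of ipfw itself. It goes beyond the posted script by refusing numbers past 65534 and by counting failed rules so a partially loaded ruleset is noticed. IPFW_CMD, GROUP_SIZE, MAX_RULE, ERRORS and the function names rule, next_group and ruleset_ok are assumptions, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not from the original message. IPFW_CMD, GROUP_SIZE, MAX_RULE,
# ERRORS and the function names rule/next_group/ruleset_ok are assumptions.
IPFW_CMD=${IPFW_CMD:-echo ipfw}  # dry run by default; set IPFW_CMD=/sbin/ipfw to apply
GROUP_SIZE=1000
MAX_RULE=65534                   # 65535 is ipfw's built-in default rule
NUMBER=$GROUP_SIZE
ERRORS=0

# Run one ipfw command; count failures so a partial ruleset is noticed.
fw() {
    if $IPFW_CMD -q "$@"; then return 0; fi
    ERRORS=$((ERRORS + 1))
    echo "error in: ipfw -q $*" >&2
    return 1
}

# Add a rule at the current number and advance only if it loaded.
rule() {
    if [ "$NUMBER" -gt "$MAX_RULE" ]; then
        ERRORS=$((ERRORS + 1))
        echo "rule number $NUMBER is above $MAX_RULE: $*" >&2
        return 1
    fi
    fw add "$NUMBER" "$@" || return 1
    NUMBER=$((NUMBER + 1))
}

# Round NUMBER up to the next multiple of GROUP_SIZE (no-op if already on one).
next_group() {
    NUMBER=$(( (NUMBER + GROUP_SIZE - 1) / GROUP_SIZE * GROUP_SIZE ))
}

# Succeeds only if every rule so far was accepted.
ruleset_ok() { [ "$ERRORS" -eq 0 ]; }

# Constructed sample ruleset; tun0 is a placeholder interface name.
DEVICE=tun0
rule allow ip from any to any via lo0               # rule 1000
rule deny log ip from any to any in via "$DEVICE"   # rule 1001
next_group                                          # NUMBER becomes 2000
rule divert natd ip from any to any via "$DEVICE"
rule allow ip from any to any out via "$DEVICE"
ruleset_ok || echo "ruleset incomplete: $ERRORS rule(s) failed" >&2
```

Run as-is it only prints the ipfw commands it would issue; a caller applying rules for real can test ruleset_ok at the end and fall back to a known-good ruleset when it fails.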