From: Cy Schubert - ITSD Open Systems Group
To: Tony Landells
Cc: ipfw@freebsd.org, arch@freebsd.org
Subject: Re: new IPFW
Date: Thu, 25 Nov 1999 07:33:13 -0800
Message-Id: <199911251534.HAA67071@cwsys.cwsent.com>
In-reply-to: Your message of "Thu, 25 Nov 1999 08:48:10 +1100." <199911242148.IAA25984@tungsten.austclear.com.au>
X-OS: FreeBSD 3.3-RELEASE

In message <199911242148.IAA25984@tungsten.austclear.com.au>, Tony Landells writes:
> I'd be much happier with something in ipfw that just marked the next line
> number to be used, preferably in a way that I could get it to move to the
> next "grouping"--like "set the next rule number to the next multiple of
> 1000".

This is what I use in one of my dialup scripts at home:

#!/usr/local/bin/bash -
#
# Generic firewall routines.
#
fw() {
        set $@
        if /sbin/ipfw -q $@; then
                :
        else
                /usr/bin/logger -t "net[$$]" -p auth.error error in: /sbin/ipfw -q $@
                echo error in: /sbin/ipfw -q $@
        fi
}

firewall() {
        set $@
        fw add $NUMBER $@
        let NUMBER=$NUMBER+1
}
...
NUMBER=23000
fw add 29998 reset log ...
firewall deny log ...
firewall deny log ...
...
NUMBER=1100
for SYSTEM in $SERVERS; do
        firewall divert natd ... out via $DEVICE
        firewall divert natd ... in via $DEVICE
        firewall accept ip ... out via $DEVICE
        firewall accept ip ... in via $DEVICE
done
...

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"
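
Added example, not part of the original message or of ipfw: a POSIX sh sketch of the counter wrapper above, extended with the "next multiple of 1000" grouping from the quoted request and a check that a full block never spills into the next one. The names IPFW_CMD, next_group, start_group, rule and build_ruleset are assumptions, as are the sample rules and the tun0 device. IPFW_CMD is set to "echo ipfw", so the commands are printed rather than loaded.

```sh
#!/bin/sh
# Dry run: print each ipfw command instead of loading it.
# Set IPFW_CMD=/sbin/ipfw to apply the rules for real.
IPFW_CMD="echo ipfw"
DEVICE=tun0            # constructed sample interface
GROUP_SIZE=1000        # width of one rule-number block
NUMBER=1000            # next rule number to hand out
GROUP_END=1999         # last number allowed in the current block

# Move the counter to the next multiple of GROUP_SIZE.
next_group() {
    NUMBER=$(( (NUMBER / GROUP_SIZE + 1) * GROUP_SIZE ))
    GROUP_END=$(( NUMBER + GROUP_SIZE - 1 ))
}

# Start numbering at an explicit number, e.g. "start_group 23000".
start_group() {
    NUMBER=$1
    GROUP_END=$(( (NUMBER / GROUP_SIZE + 1) * GROUP_SIZE - 1 ))
}

# Add one rule at the current number. Fails, without advancing the
# counter, if the block is full or the ipfw command returns an error.
rule() {
    if [ "$NUMBER" -gt "$GROUP_END" ]; then
        echo "rule block ending at $GROUP_END is full: $*" >&2
        return 1
    fi
    $IPFW_CMD -q add "$NUMBER" "$@" || return 1
    NUMBER=$(( NUMBER + 1 ))
}

# Constructed sample ruleset: two allow rules in the 1000 block,
# then a logged default deny at the start of the 2000 block.
build_ruleset() {
    start_group 1100
    rule allow tcp from any to any 22 in via "$DEVICE" || return 1
    rule allow udp from any to any 53 out via "$DEVICE" || return 1
    next_group
    rule deny log ip from any to any via "$DEVICE" || return 1
}

build_ruleset
```

Because rule returns non-zero on failure, a caller can stop at the first rejected rule instead of continuing with a partly loaded ruleset.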