Date:      Thu, 25 Nov 1999 11:40:58 -0800 (PST)
From:      Julian Elischer <julian@whistle.com>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        Tony Landells <ahl@austclear.com.au>, ipfw@FreeBSD.ORG, arch@FreeBSD.ORG
Subject:   Re: new IPFW 
Message-ID:  <Pine.BSF.4.10.9911251136050.430-100000@current1.whistle.com>
In-Reply-To: <199911251534.HAA67071@cwsys.cwsent.com>



On Thu, 25 Nov 1999, Cy Schubert - ITSD Open Systems Group wrote:

> In message <199911242148.IAA25984@tungsten.austclear.com.au>, Tony Landells writes:
> > I'd be much happier with something in ipfw that just marked the next line
> > number to be used, preferably in a way that I could get it to move to the
> > next "grouping"--like "set the next rule number to the next multiple of
> > 1000".

Have you tried this?
ipfw will add new un-numbered rules on the next 100 boundary after the
rule you specified.

> 
> This is what I use in one of my dialup scripts at home:
> 
> #!/usr/local/bin/bash -
> #
> # Generic firewall routines.
> #
> fw() {
>         set $@
>         if /sbin/ipfw -q $@; then : ; else
>                 /usr/bin/logger -t "net[$$]" -p auth.error error in: /sbin/ipfw -q $@
>                 echo error in: /sbin/ipfw -q $@
>         fi
> }
> 
> firewall() {
>         set $@
>         fw add $NUMBER $@
>         let NUMBER=$NUMBER+1
> }
> ...
> NUMBER=23000
> fw add 29998 reset log ...
> firewall deny log ...
> firewall deny log ...
> ...
> NUMBER=1100
> for SYSTEM in $SERVERS; do
>     firewall divert natd ... out via $DEVICE
>     firewall divert natd ... in via $DEVICE
>     firewall accept ip ... out via $DEVICE
>     firewall accept ip ... in via $DEVICE
> done
> ...
> 
> 
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
> ITSD                                   Cy.Schubert@gems8.gov.bc.ca
> Province of BC
>                       "e**(i*pi)+1=0"
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
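
An added example, not part of either poster's message: a POSIX sh variant of the numbering wrapper quoted above that jumps to the next multiple of 1000 on request and refuses to let a group overflow into the next one. `RUN`, `next_group`, `rule`, the interface `tun0` and the sample rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: group-aware rule numbering for an ipfw ruleset script.
# RUN is an assumption of this example: it defaults to "echo", so the
# commands are printed instead of executed; run with RUN= to apply them.
RUN=${RUN-echo}
GROUP_SIZE=1000   # groups start on multiples of this
MAX_RULE=65534    # 65535 is ipfw's fixed default rule
NUMBER=0          # next rule number to hand out
GROUP_END=-1      # last number of the current group (-1: no group open yet)

# Move NUMBER to the next multiple of GROUP_SIZE.
next_group() {
    NUMBER=$(( (NUMBER / GROUP_SIZE + 1) * GROUP_SIZE ))
    GROUP_END=$(( NUMBER + GROUP_SIZE - 1 ))
    [ "$GROUP_END" -le "$MAX_RULE" ] || GROUP_END=$MAX_RULE
}

# Add one rule at NUMBER, then advance by one. A full group is an error:
# spilling into the next group's numbers would silently change the order
# in which the rules are evaluated.
rule() {
    if [ "$NUMBER" -gt "$GROUP_END" ]; then
        echo "group ending at $GROUP_END is full, not added: $*" >&2
        return 1
    fi
    $RUN /sbin/ipfw -q add "$NUMBER" "$@" || return 1
    NUMBER=$(( NUMBER + 1 ))
}

# Constructed sample ruleset (interface name and rules are made up).
next_group
rule divert natd ip from any to any out via tun0
rule divert natd ip from any to any in via tun0
next_group
rule deny log ip from any to any
```
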