From owner-freebsd-ipfw Thu Nov 25 11:41:18 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
        by hub.freebsd.org (Postfix) with ESMTP
        id 9B4FD14C86; Thu, 25 Nov 1999 11:41:13 -0800 (PST)
        (envelope-from julian@whistle.com)
Received: from current1.whiste.com (current1.whistle.com [207.76.205.22])
        by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id LAA73476;
        Thu, 25 Nov 1999 11:40:58 -0800 (PST)
Date: Thu, 25 Nov 1999 11:40:58 -0800 (PST)
From: Julian Elischer
To: Cy Schubert - ITSD Open Systems Group
Cc: Tony Landells , ipfw@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: new IPFW
In-Reply-To: <199911251534.HAA67071@cwsys.cwsent.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 25 Nov 1999, Cy Schubert - ITSD Open Systems Group wrote:

> In message <199911242148.IAA25984@tungsten.austclear.com.au>, Tony Landells writes:
> > I'd be much happier with something in ipfw that just marked the next line
> > number to be used, preferably in a way that I could get it to move to the
> > next "grouping"--like "set the next rule number to the next multiple of
> > 1000".

Have you tried this?
ipfw will add new un-numbered rules on the next 100 boundary after the
rule you specified.

>
> This is what I use in one of my dialup scripts at home:
>
> #!/usr/local/bin/bash -
> #
> # Generic firewall routines.
> #
> fw() {
>         set $@
>         if /sbin/ipfw -q $@; then : ; else
>                 /usr/bin/logger -t "net[$$]" -p auth.error error in: /sbin/ipfw -q $@
>                 echo error in: /sbin/ipfw -q $@
>         fi
> }
>
> firewall() {
>         set $@
>         fw add $NUMBER $@
>         let NUMBER=$NUMBER+1
> }
> ...
> NUMBER=23000
> fw add 29998 reset log ...
> firewall deny log ...
> firewall deny log ...
> ...
> NUMBER=1100
> for SYSTEM in $SERVERS; do
>         firewall divert natd ... out via $DEVICE
>         firewall divert natd ... in via $DEVICE
>         firewall accept ip ... out via $DEVICE
>         firewall accept ip ... in via $DEVICE
> done
> ...
>
>
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
> ITSD                                   Cy.Schubert@gems8.gov.bc.ca
> Province of BC
>                       "e**(i*pi)+1=0"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
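
Added example, not part of the original thread and not code from the ipfw project: a POSIX sh take on the numbered-rule wrapper quoted above that passes arguments as "$@" and adds the "next multiple of 1000" grouping requested earlier in the thread, refusing to let one group spill into the next. The names `start_group`, `next_group`, `GROUP_SIZE`, `IPFW_CMD`, `RULE_LOG` and the dry-run stub are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: grouped rule numbering around "ipfw add".
# All helper names below are hypothetical, not part of ipfw.

GROUP_SIZE=1000   # width of one rule group
NUMBER=0          # next rule number to hand out
GROUP_END=0       # first number belonging to the following group
RULE_LOG=""       # dry-run record of commands that would have run

# Dry-run stand-in for /sbin/ipfw so the script runs on any host.
# Set IPFW_CMD=/sbin/ipfw in the environment to apply rules for real.
ipfw_dryrun() {
    RULE_LOG="${RULE_LOG}ipfw $*
"
}
IPFW_CMD=${IPFW_CMD:-ipfw_dryrun}

fw() {
    # "$@" keeps every argument intact: no word splitting, no globbing.
    if "$IPFW_CMD" -q "$@"; then
        return 0
    fi
    echo "error in: $IPFW_CMD -q $*" >&2
    return 1
}

# Begin numbering at an explicit base; the group ends at the next
# multiple of GROUP_SIZE above that base. Call this before firewall().
start_group() {
    NUMBER=$1
    GROUP_END=$(( (NUMBER / GROUP_SIZE + 1) * GROUP_SIZE ))
}

# Jump to the next multiple of GROUP_SIZE.
next_group() {
    start_group "$GROUP_END"
}

firewall() {
    # Rule order is policy: fail loudly instead of silently numbering
    # a rule into the range reserved for the next group.
    if [ "$NUMBER" -ge "$GROUP_END" ]; then
        echo "rule group ending at $GROUP_END is full" >&2
        return 1
    fi
    fw add "$NUMBER" "$@" || return 1
    NUMBER=$(( NUMBER + 1 ))
}
```

Typical use is `start_group 1100`, a run of `firewall ...` calls, then `next_group` before the next block of rules; inspect `$RULE_LOG` to review the generated commands before pointing `IPFW_CMD` at the real binary.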