Date:      Sat, 20 Nov 2004 12:48:22 -0800 (PST)
From:      David Wolfskill <david@catwhisker.org>
To:        freebsd-security@freebsd.org
Subject:   Re: Importing into rc.firewal rules
Message-ID:  <200411202048.iAKKmMpf023503@bunrab.catwhisker.org>
In-Reply-To: <20041120133048.N7533@zoraida.natserv.net>

>Date: Sat, 20 Nov 2004 13:32:15 -0500 (EST)
>From: Francisco Reyes <lists@natserv.com>

>I have a grown list of IPs that I am "deny ip from ###.### to any".
>Infected machines, hackers, etc..

OK....

>Is there a way to have this list outside of rc.firewall and just read it 
>in?

Sure, if you modify rc.firewall or use a different mechanism to
construct the rules.  The supplied rc.firewall is a shell script; see
".  file" in man sh for one way to read the contents of another file
into a shell script.

You could also generate the ipfw commands via some other (combination
of) (scripting) language(s), including Perl or m4 -- as long as
each such component you use is available at the time it is first
invoked (rather early in the boot process).

A lot is likely to depend on how dynamic the "grown list" is.

Peace,
david
-- 
David H. Wolfskill				david@catwhisker.org
I resent spammers because spam is a DoS attack on my time.

See http://www.catwhisker.org/~david/publickey.gpg for public key.
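
Added example, not part of the original message or of the stock rc.firewall: one way to read the list in from a separate file while treating it as data rather than sourcing it with ".", so each entry is validated before a rule is emitted. The function names, the one-entry-per-line file format with "#" comments, and the sample entries (documentation address ranges) are assumptions.

```shell
#!/bin/sh
# Added example. The blocklist is parsed as data and never sourced,
# so a malformed or hostile line cannot run as shell code at boot.

is_ipv4_cidr() {            # accepts a.b.c.d or a.b.c.d/len only
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

gen_deny_rules() {          # FILE -> rule bodies on stdout, 1 if any line rejected
    rc=0; n=0
    while read -r entry rest || [ -n "$entry" ]; do
        n=$((n + 1))
        case $entry in *'#'*) rest= ;; esac   # comment began in first field
        entry=${entry%%#*}
        [ -n "$entry" ] || continue           # blank or comment-only line
        # anything after the address that is not a comment invalidates the line
        case $rest in ''|'#'*) ;; *) entry="$entry $rest" ;; esac
        if is_ipv4_cidr "$entry"; then
            printf 'add deny ip from %s to any\n' "$entry"
        else
            echo "blocklist line $n rejected" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

sample_blocklist() {        # constructed sample input, not real hosts
    cat <<'EOF'
# infected hosts
192.0.2.15
198.51.100.0/24   # scanner netblock
203.0.113.9; reboot
300.1.1.1
EOF
}
```

The output lines are in the form ipfw accepts when given the path of a rules file; inside rc.firewall the same loop could instead call `${fwcmd} add deny ip from "$entry" to any` for each accepted entry.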