Saving runtime created rules

Steve Bertrand steve at ibctech.ca
Fri Feb 27 10:14:03 PST 2009


I am frequently adding/changing/deleting IPFW rules on my FBSD powered
Quagga edge routers, and often neglect to update the start up script.

Fearing the disaster that would result if one of my routers reboots
without a saved IPFW config, I went about creating a method to save
runtime lists to be used at startup. I thought I'd share my experience.

First, I deleted all of the actual rules from my startup sh script
(/etc/ipfw.rules). I left all script variables and tables in this file.

I then added ". /etc/ipfw.include" to the bottom of the script. Then:

# ipfw list | \
    perl -nle 's/table\((\d+)\)/"table($1)"/g; print "\$cmd $_";' \
    > /etc/ipfw.include
# chown root:wheel /etc/ipfw.include && chmod 400 /etc/ipfw.include

Now any time that I run that command pipeline, all rules are saved in
the include file. This could be cronned, but I'm hesitant to go that far
at this point, because there is no syntax checking at all.

Cheers!

Steve
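An added example, not Steve's code: a save script that does the same list-and-rewrite as the pipeline above but adds the syntax check the post says is missing (an "ipfw -n" dry-run parse of every rule before the old include file is replaced). It assumes, as in the post, that /etc/ipfw.rules defines $cmd (e.g. cmd="ipfw -q add") and ends with ". /etc/ipfw.include"; the sed pattern also accepts named tables, which the original \d+ regex did not.

```shell
#!/bin/sh
# Added example, not code from the original post. Saves the running ipfw
# rule set to the include file, but only replaces the old copy when every
# rule passes an "ipfw -n" dry-run parse. Assumes /etc/ipfw.rules defines
# $cmd (typically cmd="ipfw -q add") and ends with ". /etc/ipfw.include".

INCLUDE=/etc/ipfw.include
TMP="${INCLUDE}.tmp.$$"

# render_rules: rewrite "ipfw list" output (stdin) into "$cmd ..." lines.
# table(...) is wrapped in double quotes so the parentheses are not parsed
# as a subshell when the include file is sourced; rule 65535 is the
# kernel's built-in default rule and cannot be re-added, so it is dropped.
render_rules() {
    sed -e '/^65535 /d' \
        -e 's/table(\([^)]*\))/"table(\1)"/g' \
        -e 's/^/$cmd /'
}

# check_rules: dry-run each raw rule (stdin) through "ipfw -n add", which
# only parses the rule and never touches the kernel. Fails on the first
# rule ipfw rejects, so a bad line never reaches the include file.
check_rules() {
    while IFS= read -r rule; do
        case $rule in 65535\ *|'') continue ;; esac
        # word splitting of $rule is intended here
        ipfw -n add $rule >/dev/null || {
            echo "rejected: $rule" >&2
            return 1
        }
    done
}

# save_rules: list -> check -> render -> lock down -> atomic rename, so a
# reboot in the middle never sees a half-written include file.
save_rules() {
    ipfw list > "$TMP.raw" || return 1
    check_rules < "$TMP.raw" || { rm -f "$TMP.raw"; return 1; }
    render_rules < "$TMP.raw" > "$TMP" || { rm -f "$TMP.raw" "$TMP"; return 1; }
    rm -f "$TMP.raw"
    chown root:wheel "$TMP" && chmod 400 "$TMP" && mv "$TMP" "$INCLUDE"
}

# Run as "sh ipfw-save.sh save" (file name is hypothetical).
case "${1:-}" in save) save_rules ;; esac
```

Because save_rules exits non-zero and leaves the old include untouched when a rule is rejected, it is safe to run from cron, which the post's raw pipeline was not.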