ipfw rule deletion
Aaron Dalton
acdalton at ucalgary.ca
Sun Jul 18 10:43:58 PDT 2004
I am using Doorman (http://doorman.sourceforge.net) as a port knocking
daemon and I need to write a short script that adds and deletes rules to
the ipfw firewall. I can add them just fine, but I can't find the best
way to delete them. Is the only way to specify the exact rule number?
Below is the add script itself. Thanks for your help!
#!/bin/sh
#
# file "ipfw_add"
# Sample firewall-add script, called by "doormand".
# This example can be used by systems which use ipfw.
#
# Called with five arguments:
#
# $1 : name of the interface (e.g. eth0)
# $2 : source IP; i.e. dotted-decimal address of the 'knock' client
# $3 : source port; when this script is called for the first time
#      for a connection (man 8 doormand), this argument will be set
#      to a single "0" (0x30) character. This means that the source
#      port is not yet known, and a broad rule allowing any source
#      port is required.
# $4 : destination IP; that is, the IP address of the interface
#      in argument 1.
# $5 : The port number of the requested service (e.g. 22 for ssh, etc.)
#
#
if [ "$3" = 0 ]
then
    # Source port not yet known: allow any source port from the knock client.
    ipfw add allow log tcp from "$2" to "$4" "$5" in setup keep-state
else
    ipfw add allow log tcp from "$2" "$3" to "$4" "$5" in setup keep-state
fi
err=$?
if [ "$err" = 0 ]
then
    echo 0
else
    echo "$err" 3 The firewall_add script sez: "Dang."
fi
--
Aaron Dalton
acdalton at ucalgary.ca
PGPKeyID# 0x65AB5571
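The following is an added example, not code from doormand or from the post above. It answers the deletion question by relying on two ipfw behaviours: several rules may share one rule number, and "ipfw delete N" removes every rule numbered N. The add path therefore derives the rule number from the knock client's address instead of letting ipfw assign one, and the delete path recomputes the same number, so neither side has to remember anything. Assumed (hypothetical, adjust to your ruleset): rule numbers 20000-29999 are otherwise unused, the delete script receives the same five arguments as the add script, and IPFW=echo in the environment dry-runs the commands.

```shell
#!/bin/sh
# Added example, not code from doormand or from the original post.
#
# Deleting port-knock rules without knowing the number ipfw assigned:
# ipfw lets many rules share one rule number, and "ipfw delete N" removes
# every rule numbered N. So the add path picks the number as a function of
# the knock client's address, and the delete path recomputes it.
#
# Assumptions (hypothetical, adjust to your ruleset):
#   - rule numbers 20000-29999 are otherwise unused in the ruleset
#   - the delete script is called with the same five arguments as the
#     add script (iface, src IP, src port, dst IP, dst port)
#   - IPFW=echo in the environment dry-runs without touching ipfw

IPFW="${IPFW:-ipfw}"
BASE=20000
SPAN=10000

# Map a dotted-decimal IPv4 address to a rule number in [BASE, BASE+SPAN).
# Two clients may hash to the same number; that only means revoking one
# also revokes the other (fail closed), never that a foreign address gains
# access, because each rule still matches on its own source address.
rule_number_for() {
    ip="$1"
    # Reject anything that is not four dotted decimal octets.
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    n=0
    for octet; do
        case "$octet" in 0[0-9]*) return 1 ;; esac   # no leading zeros (octal ambiguity)
        [ "$octet" -le 255 ] || return 1
        n=$(( (n * 257 + octet) % SPAN ))
    done
    echo $(( BASE + n ))
}

# True if $1 is a decimal TCP port number (0 is allowed: doormand's marker).
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Print the add command. A source port of 0 is doormand's "not yet known"
# marker, so that first rule matches any source port, as in the original.
ipfw_add_cmd() {
    src="$2" sport="$3" dst="$4" dport="$5"
    num=$(rule_number_for "$src") || return 1
    rule_number_for "$dst" >/dev/null || return 1
    is_port "$sport" && is_port "$dport" || return 1
    if [ "$sport" = 0 ]; then
        echo "$IPFW add $num allow log tcp from $src to $dst $dport in setup keep-state"
    else
        echo "$IPFW add $num allow log tcp from $src $sport to $dst $dport in setup keep-state"
    fi
}

# Print the delete command: every rule sharing the client's number goes,
# including the broad any-source-port rule from the first call.
ipfw_delete_cmd() {
    num=$(rule_number_for "$2") || return 1
    echo "$IPFW delete $num"
}

# Entry point: ipfw_knock add|del IFACE SRC SPORT DST DPORT
# Prints 0 on success, otherwise the exit status, mirroring doormand's
# sample scripts.
ipfw_knock() {
    action="$1"; shift
    case "$action" in
        add) cmd=$(ipfw_add_cmd "$@") ;;
        del) cmd=$(ipfw_delete_cmd "$@") ;;
        *)   echo "usage: $0 add|del iface src sport dst dport" >&2; return 2 ;;
    esac
    [ -n "$cmd" ] || { echo "bad arguments: $*" >&2; return 2; }
    $cmd           # safe to word-split: addresses and ports were validated above
    err=$?
    echo "$err"
    return "$err"
}

# Run only when invoked with arguments, so the file can also be sourced.
[ $# -eq 0 ] || ipfw_knock "$@"
```

Install it once and point both doormand hooks at it, e.g. "ipfw_knock add ..." from ipfw_add and "ipfw_knock del ..." from ipfw_delete. The validation matters because the arguments end up on an ipfw command line: a client-controlled string that is not a plain IPv4 address or port never reaches ipfw. If you prefer not to hash, ipfw rule sets are the other handle: add with "ipfw add set N ..." and remove the whole group with "ipfw delete set N".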
More information about the freebsd-questions mailing list