I am using Doorman (http://doorman.sourceforge.net) as a port knocking daemon and I need to write a short script that adds and deletes rules to the ipfw firewall. I can add them just fine, but I can't find the best way to delete them. Is the only way to specify the exact rule number? Below is the add script itself. Thanks for your help!

#!/bin/sh
#
# file "ipfw_add"
# Sample firewall-add script, called by "doormand".
# This example can be used by systems which use ipfw.
#
# Called with five arguments:
#
# $1 : name of the interface (e.g. eth0)
# $2 : source IP; i.e. dotted-decimal address of the 'knock' client
# $3 : source port; when this script is called for the first time
#      for a connection (man 8 doormand), this argument will be set
#      to a single "0" (0x30) character. This means that the source
#      port is not yet known, and a broad rule allowing any source
#      port is required.
# $4 : destination IP; that is, the IP address of the interface
#      in argument 1.
# $5 : The port number of the requested service (e.g. 22 for ssh, etc.)
#
#

# Arguments are quoted so an empty or malformed value cannot break the test
# or be split into extra ipfw words.
if [ "$3" = 0 ]
then
    # Source port not yet known: allow any source port from the knock client.
    ipfw add allow log tcp from "$2" to "$4" "$5" in setup keep-state
else
    # Source port known: restrict the rule to that port.
    ipfw add allow log tcp from "$2" "$3" to "$4" "$5" in setup keep-state
fi
err=$?

# Report the result: 0 on success, otherwise the ipfw exit status and a message.
if [ "$err" = 0 ]
then
    echo 0
else
    echo "$err" 3 The firewall_add script sez: "Dang."
fi

-- 
Aaron Dalton
[EMAIL PROTECTED]
PGPKeyID# 0x65AB5571
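
The add script above lets ipfw pick the rule number and never records it, while `ipfw delete` is addressed by rule number, so a companion delete script has to look the number up. The following is an added example, not part of the original post and not Doorman's own code: it reads `ipfw list` output and prints the numbers of the rules that match one knock client. The function names, the argument order and the sample listing are assumptions constructed for illustration, and both the bare-port and the `dst-port` listing forms are accepted.

```shell
#!/bin/sh
# Added example, not Doorman's own code. Function names and the argument
# order (src IP, src port, dst IP, dst port) are assumptions.

# Reads "ipfw list" output on stdin and prints the number of each allow rule
# whose source, source port, destination and destination port all match.
# Source port "0" selects only the broad any-source-port rule, as in ipfw_add.
find_knock_rules() {
    awk -v src="$1" -v sport="$2" -v dst="$3" -v dport="$4" '
    $2 == "allow" {
        f = 0; t = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "from" && !f) f = i
            if ($i == "to" && !t) t = i
        }
        # Whole-field comparison: 192.0.2.10 must not match 192.0.2.100.
        if (!f || !t || $(f + 1) != src || $(t + 1) != dst) next
        j = f + 2; if ($j == "src-port") j++
        sp = (j < t) ? $j : "0"          # nothing before "to": any port
        k = t + 2; if ($k == "dst-port") k++
        if ((sp "") == (sport "") && ($k "") == (dport "")) print $1 + 0
    }'
}

# Deletes every matching rule from the live ruleset (needs root and ipfw).
delete_knock_rules() {
    ipfw list | find_knock_rules "$@" | while read -r n; do
        ipfw delete "$n"
    done
}

# Constructed sample listing (documentation addresses), for offline testing.
sample_listing() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
10100 allow log tcp from 192.0.2.10 to 198.51.100.5 dst-port 22 in setup keep-state
10200 allow log tcp from 192.0.2.10 40000 to 198.51.100.5 dst-port 22 in setup keep-state
10300 allow log logamount 100 tcp from 192.0.2.100 to 198.51.100.5 22 in setup keep-state
65535 deny ip from any to any
EOF
}
```

Matching on whole fields rather than with a substring grep is what keeps the delete from removing another client's rule whose address shares a prefix.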