Norberto Meijome wrote:
Kevin Kinsey wrote:
=================
# Rule number variable
RuleNum=100

#################################
# this function increments $RuleNum var by 100... #
#################################
inc () {
  RuleNum=$(expr $1 "+" 100)
}

##################
# LET'S GET STARTED #
##################

# flush the ruleset ...
/sbin/ipfw -q flush

# set up the loopback ...
$FW $RuleNum allow ip from any to any via $loopback
inc $RuleNum

# deny localhost traffic on other interfaces
$FW $RuleNum deny ip from 127.0.0.0/8 to any
inc $RuleNum
$FW $RuleNum deny ip from any to 127.0.0.0/8
inc $RuleNum
==================

nice use... but what's the point? ipfw assigns rule #s automatically. I agree that you may want to hardcode your rule #s (0-100 for localhost, 200 - 5000 for LAN, etc) but using your inc() process defeats the purpose of this.

just my $0.02
Beto

Well, I was tired of hardcoding rule numbers, and wanted the script to do it for me and still have "gaps". IIRC, when I wrote this one, I wanted a gap larger than 100 between certain sets of rules, so I needed to have control over $RuleNum instead of letting ipfw do it. A do...while farther down allows for addition of new rules in the upper section while keeping the next section starting at foo-thousand.

I did say I didn't know if it was a great script, but it's a slightly more advanced example of sh(1) scripting. In part, it was a learning exercise for me....

HAND,
Kevin Kinsey
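
Added example, not part of the thread and not Kevin's script: one way to get the numbering described above, where rules step by 100 inside a section and each new section starts on the next thousand, so rules added to an earlier section do not shift the later ones. The names `add_rule`, `next_section`, `build_ruleset`, `STEP`, `SECTION` and `MAX_RULE` are assumptions, `FW` is set to a dry-run `echo`, the rules after the loopback section are constructed, and the boundary is computed arithmetically rather than with the loop mentioned in the reply.

```sh
#!/bin/sh
# Dry run: print the commands. Use FW="/sbin/ipfw -q add" to install rules.
FW="echo ipfw -q add"
loopback="lo0"      # assumed loopback interface name
RuleNum=100
STEP=100            # gap between consecutive rules in a section
SECTION=1000        # every section starts on a multiple of this
MAX_RULE=65534      # 65535 is ipfw's built-in default rule

# Advance the counter by one step.
inc() {
    RuleNum=$((RuleNum + STEP))
}

# Round the counter up to the next section boundary (no-op if already on one).
next_section() {
    RuleNum=$(( (RuleNum + SECTION - 1) / SECTION * SECTION ))
}

# Emit one rule at the current number, then advance.
# Fails instead of silently running past the usable rule range.
add_rule() {
    if [ "$RuleNum" -gt "$MAX_RULE" ]; then
        echo "rule number $RuleNum exceeds $MAX_RULE" >&2
        return 1
    fi
    $FW "$RuleNum" "$@"
    inc
}

build_ruleset() {
    RuleNum=100
    # Section 1: loopback handling (rules quoted in the thread)
    add_rule allow ip from any to any via "$loopback"
    add_rule deny ip from 127.0.0.0/8 to any
    add_rule deny ip from any to 127.0.0.0/8
    # Section 2: constructed sample service rule
    next_section
    add_rule allow tcp from any to me 22 setup
    # Section 3: constructed final deny
    next_section
    add_rule deny log ip from any to any
}

build_ruleset
```

Adding a fourth rule to the first section moves nothing in the later sections as long as the section stays below its boundary.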
