On Mon, Jan 03, 2005 at 05:28:56PM -0600, Eric F Crist wrote: > A couple more questions, then I'm done. Promise. > > I need to verify whether or not there is an entry for grog_firewall_oif > and grog_firewall_iif in /etc/rc.conf. If not, I want to exit with an > error.
Read /etc/rc.conf into your script's namespace using the syntax already discussed in this thread (`. /etc/defaults/rc.conf'), and you can then test for the existence of any variable it defines (or doesn't define): if [ -n "${grog_firewall_iif}" ] then # Do stuff if ${grog_firewall_iif} is set else # Do stuff if ${grog_firewall_iif} is NOT set fi Or, to reverse the logic, use [ -z "{grog_firewall_iif}" ] if [ -z "${grog_firewall_iif}" ] then # Do stuff if ${grog_firewall_iif} is NOT set else # Do stuff if ${grog_firewall_iif} is set fi > Also, a little more advanced, I need to pull information from an > ifconfig output. I need to pull network numbers for both the internal > interface, as well as external interface. For example, > > vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255 > inet6 fe80::20e:a6ff:feb9:2d3d%vr0 prefixlen 64 scopeid 0x3 > ether 00:0e:a6:b9:2d:3d > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > > I don't actually need my own address, I need to be able to figure out > that the system, based on the above output, is on the 192.168.1.0/24 > network. This will be input into my firewall rulesets. > > I imagine that there's a util or command around that can do this, or I > can code out the math, but there's got to be an easier way. ipfw(8) can understand the netmask in hex format, so you can simply say: ii_nw=$(ifconfig "${grog_firewall_iif}" | awk '/inet/ {print $2":"$4}') ${ii_nw} will now contain something like "192.168.37.23:0xffffff00", which you can safely pass to ipfw(8): (2)[EMAIL PROTECTED]:~] ---># ipfw add 900 allow ip from any to 192.168.37.23:0xffffff00 00900 allow ip from any to 192.168.0.0/24 HTH Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \
pgpzX8L4mvvFg.pgp
Description: PGP signature