On Wednesday 29 November 2006 13:38, Dan Mahoney, System Admin wrote:
> Hey all, I'm experimenting with ipfw as means of controlling some
> interesting anomalies like with portsenty or some ssh anti-brute-force
> scripts (i.e. adding bad hosts to tables, adding deny rules
> for certain hosts, etc), and I was wondering if there was (either in the
> form of a script, or a builtin command I can't find) some way to just
> "dump" all the ipfw data (pipes, queues, tables, etc) to a single file to
> be re-read on boot?
>
> I'd be willing to try and write something like this if it doesn't already
> exist, but I'm rather surprised it doesn't.
>
> -Dan Mahoney
>
> --
>
> "A single death is a tragedy. A million deaths is a statistic."
>
> -Josef Stalin, As quoted on the cover to Savatage's "Dead Winter Dead"
>
> Dan Mahoney
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---
Dan,
Take a look at "man rc.shutdown"
I don't know if it's exactly what you want, but there may be another way:
Write a script in /usr/local/etc/rc.d that responds to the "start" and "stop"
parameters. In the "stop" section you can output "ipfw list" to a file.
Then in the "start" section you can read that file and run each line,
essentially unmodified, agains ipfw.
good luck!
lane
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
