Shell script help

Kevin Kinsey kdk at daleco.biz
Thu Jun 30 15:06:54 GMT 2005


Norberto Meijome wrote:

> Kevin Kinsey wrote:
>
>>
>> =================
>>
>> # Rule number variable
>>   RuleNum=100
>>
>> #################################
>> # this function increments $RuleNum var by 100... #
>> #################################
>>
>> inc () {
>>   RuleNum=$(expr $1 "+" 100)
>> }
>>
>>
>> ##################
>> #   LET'S GET STARTED   #
>> ##################
>>
>> # flush the ruleset ...
>>   /sbin/ipfw -q flush
>>
>> # set up the loopback ...
>>   $FW $RuleNum allow ip from any to any via $loopback
>>   inc $RuleNum
>>
>> # deny localhost traffic on other interfaces
>>   $FW $RuleNum deny ip from 127.0.0.0/8 to any
>>   inc $RuleNum
>>   $FW $RuleNum deny ip from any to 127.0.0.0/8
>>   inc $RuleNum
>>
>> ==================
>
>
> nice use...but what's the point ? ipfw assigns rule #s automatically.
>
> I agree that you may want to hardcode your rule #s (0-100
> for localhost, 200 - 5000 for LAN, etc) but using your inc() process
> defeats the purpose of this.
>
> just my $0.02
> Beto


Well, I was tired of hardcoding rule numbers, and wanted
the script to do it for me and still have "gaps".

IIRC, when I wrote this one, I wanted a gap larger than 100
between certain sets of rules, so I needed to have control
over $RuleNum instead of letting ipfw do it.  A do...while
farther down allows for addition of new rules in the
upper section while keeping the next section starting at
foo-thousand.

I did say I didn't know if it was a great script, but it's
a slightly more advanced example of sh(1) scripting.
In part, it was a learning exercise for me....

HAND,

Kevin Kinsey
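
An added example, not part of the original post or Kevin's script: one way to get the numbering described above, with a fixed step between rules and each section starting on a round thousand. It uses arithmetic rounding in place of the loop the post mentions; `add_rule`, `next_section`, `build_ruleset`, the `lo0` interface name and the `echo` default for `$FW` are assumptions, so the script prints the ipfw commands instead of changing the firewall.

```sh
#!/bin/sh
# Added example: rule numbers with a fixed step and section boundaries.
# FW defaults to echo so nothing touches the firewall (assumption);
# export FW="/sbin/ipfw -q add" to apply the rules for real.
FW=${FW:-"echo ipfw add"}
loopback=${loopback:-lo0}   # assumed interface name
STEP=100                    # gap between consecutive rules
SECTION=1000                # every section starts on a multiple of this
MAX_RULE=65534              # 65535 is ipfw's built-in default rule
RuleNum=$STEP

# add_rule BODY...: emit one rule at $RuleNum, then advance by $STEP.
# Refuses to run past the highest usable rule number.
add_rule () {
  if [ "$RuleNum" -gt "$MAX_RULE" ]; then
    echo "rule number $RuleNum exceeds $MAX_RULE" >&2
    return 1
  fi
  $FW "$RuleNum" "$@" || return 1
  RuleNum=$((RuleNum + STEP))
}

# next_section: round RuleNum up to the next multiple of $SECTION, so
# rules added to the section above never shift the section below.
next_section () {
  RuleNum=$(( (RuleNum + SECTION - 1) / SECTION * SECTION ))
}

build_ruleset () {
  # Section 1: the loopback rules from the quoted script.
  add_rule allow ip from any to any via "$loopback" &&
  add_rule deny ip from 127.0.0.0/8 to any &&
  add_rule deny ip from any to 127.0.0.0/8 || return 1

  next_section
  # Section 2 starts at 1000 however many rules section 1 holds.
  add_rule check-state      # constructed sample rule
}

build_ruleset
```
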

