Re: Importing into rc.firewal rules

From: David Wolfskill (david_at_catwhisker.org)
Date: 11/20/04

  • Next message: Francisco Reyes: "Re: Importing into rc.firewal rules"
    Date: Sat, 20 Nov 2004 12:48:22 -0800 (PST)
    To: freebsd-security@freebsd.org
    
    

    >Date: Sat, 20 Nov 2004 13:32:15 -0500 (EST)
    >From: Francisco Reyes <lists@natserv.com>

    >I have a grown list of IPs that I am "deny ip from ###.### to any".
    >Infected machines, hackers, etc..

    OK....

    >Is there a way to have this list outside of rc.firewall and just read it
    >in?

    Sure, if you modify rc.firewall or use a different mechanism to
    construct the rules. The supplied rc.firewall is a shell script; see
    ". file" in man sh for one way to read the contents of another file
    into a shell script.

    You could also generate the ipfw commands via some other (combination
    of) (scripting) language(s), including Perl or m4 -- as long as
    each such component you use is available at the time it is first
    invoked (rather early in the boot process).

    A lot is likely to depend on how dynamic the "grown list" is.

    Peace,
    david

    -- 
    David H. Wolfskill				david@catwhisker.org
    I resent spammers because spam is a DoS attack on my time.
    See http://www.catwhisker.org/~david/publickey.gpg for public key.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
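
Added example, not part of the original message or of FreeBSD's stock rc.firewall: since `. file` runs the file's contents as shell code, this version keeps the deny list as plain data, validates each entry, and prints the matching ipfw commands instead of running them. The function names, the one-entry-per-line file format and the starting rule number 2000 are assumptions.

```shell
# Assumed list format: one IPv4 address or CIDR block per line; blank lines
# and '#' comments are ignored. Function names are hypothetical.
# is_ipv4_entry ENTRY: succeed only for a.b.c.d or a.b.c.d/len in range.
is_ipv4_entry() {
    case $1 in ''|*[!0-9./]*|*/*/*|.*|*..*|*./*|*.) return 1 ;; esac
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr                  # split on dots; digits only, so no globbing
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# deny_rules FILE [FIRST_RULE_NUMBER]: print one ipfw command per valid entry.
# Rejected lines are reported on stderr and never reach a command line.
deny_rules() {
    rulenum=${2:-1000}; lineno=0
    while read -r entry rest || [ -n "$entry" ]; do
        lineno=$((lineno + 1))
        case $entry in ''|'#'*) continue ;; esac        # blank or comment
        case $rest in ''|'#'*) ;; *) entry= ;; esac     # trailing junk: reject
        if is_ipv4_entry "$entry"; then
            echo "ipfw add $rulenum deny ip from $entry to any"
            rulenum=$((rulenum + 1))
        else
            echo "blocklist: line $lineno rejected" >&2
        fi
    done < "$1"
}

# Constructed sample list (documentation address ranges), in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample blocklist
192.0.2.10
198.51.100.0/24   # constructed note
203.0.113.5; reboot
300.1.1.1
EOF
deny_rules "$sample" 2000
rm -f "$sample"
```

The two functions can live in their own file that the firewall script pulls in with `. file`, leaving the address list itself as a data file that is only ever read, not executed.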
    
