Re: Importing into rc.firewal rules
From: David Wolfskill (david_at_catwhisker.org)
Date: 11/20/04
- Previous message: Matthew Seaman: "Re: Importing into rc.firewal rules"
- In reply to: Francisco Reyes: "Importing into rc.firewal rules"
- Next in thread: Andrew Konstantinov: "Re: Importing into rc.firewal rules"
Date: Sat, 20 Nov 2004 12:48:22 -0800 (PST)
To: freebsd-security@freebsd.org
>Date: Sat, 20 Nov 2004 13:32:15 -0500 (EST)
>From: Francisco Reyes <lists@natserv.com>
>I have a grown list of IPs that I am "deny ip from ###.### to any".
>Infected machines, hackers, etc..
OK....
>Is there a way to have this list outside of rc.firewall and just read it
>in?
Sure, if you modify rc.firewall or use a different mechanism to
construct the rules. The supplied rc.firewall is a shell script; see
". file" in man sh for one way to read the contents of another file
into a shell script.
You could also generate the ipfw commands via some other (combination
of) (scripting) language(s), including Perl or m4 -- as long as
each such component you use is available at the time it is first
invoked (rather early in the boot process).
A lot is likely to depend on how dynamic the "grown list" is.
Peace,
david
--
David H. Wolfskill david@catwhisker.org
I resent spammers because spam is a DoS attack on my time.
See http://www.catwhisker.org/~david/publickey.gpg for public key.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
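An added example, not part of the message above and not FreeBSD's own rc.firewall: one way to keep the deny list in a separate file and load it from a shell firewall script, reading the list as data and validating each entry instead of sourcing it with ". file". The list format, rule number 1000 and the IPFW variable are assumptions; by default the ipfw commands are only echoed.

```sh
#!/bin/sh
# Added example, not from the thread. List format, rule number and the IPFW
# variable are assumptions; the default IPFW only echoes (dry run).
IPFW="${IPFW:-echo ipfw}"        # set IPFW=/sbin/ipfw to really load rules

# valid_ipv4 ADDR[/LEN]: succeed only for a dotted quad with optional /0-32
valid_ipv4() {
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
}

# load_deny_list FILE [RULE]: one "deny ip from ADDR to any" per valid entry.
# Returns 0 if every entry was valid, 1 if some were skipped, 2 if unreadable.
load_deny_list() {
    file=$1 rule=${2:-1000} rc=0
    [ -r "$file" ] || { echo "deny list $file not readable" >&2; return 2; }
    while read -r entry _rest || [ -n "$entry" ]; do
        entry=${entry%%#*}               # drop a comment glued to the entry
        [ -n "$entry" ] || continue      # blank or comment-only line
        if valid_ipv4 "$entry"; then
            # all entries share one rule number, which ipfw permits
            $IPFW -q add "$rule" deny ip from "$entry" to any
        else
            echo "skipping invalid entry: $entry" >&2; rc=1
        fi
    done < "$file"
    return $rc
}

# Constructed sample list (documentation address ranges), then a dry run.
sample=$(mktemp) || exit 1
cat > "$sample" <<'EOF'
# hosts seen scanning us
192.0.2.10          # infected machine
198.51.100.0/24
203.0.113.999
any                 # a slip that would otherwise block everything
EOF
load_deny_list "$sample" 1000 || echo "some entries were rejected" >&2
rm -f "$sample"
```

Because the list is parsed rather than sourced, a stray word such as "any" or a malformed address is skipped with a warning instead of becoming part of a rule run as root at boot.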