  1. #1
    Just Joined!
    Join Date
    Nov 2013
    Posts
    2

    Freebsd IPFW - Add/Remove firewall rule


    Thank you for existing and making my life easier. I need your help, please.

    I need to create a putty function to work like this.

    1. A command in putty:
    Code:
    ipfw addip [IP]
    This will add in /etc/rules.ipfw the following line:
    Code:
    $IPF 460 allow all from [IP] to any 22 in
    2. A command in putty:
    Code:
    ipfw removeip [IP]
    This will search in /etc/rules.ipfw for the line with specific [IP] and it will remove it.

    Example line to be removed
    Code:
    $IPF 460 allow all from [IP] to any 22 in
    Thank you.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    hello and welcome, lrdro!

    what do you mean by a "function"? Is there a special feature in the putty program that allows you to run a function, like a macro? Or do you simply mean you want a shell script that you can execute to do the firewall commands?

    also, trying to figure out what you are asking: are you interested in a function/script that modifies the rules.ipfw config file for you, instead of using the ipfw commands? and why?

  3. #3
    Just Joined!
    Join Date
    Nov 2013
    Posts
    2
    Quote Originally Posted by atreyu View Post
    hello and welcome, lrdro!

    what do you mean by a "function"? Is there a special feature in the putty program that allows you to run a function, like a macro? Or do you simply mean you want a shell script that you can execute to do the firewall commands?

    also, trying to figure out what you are asking: are you interested in a function/script that modifies the rules.ipfw config file for you, instead of using the ipfw commands? and why?
    hello,
    i need to create 2 putty commands to add or remove ips from firewall.

    simpler commands, like

    add_ipd $IP $PORT - this command to add the ip into the rules file of ipfw, and the remove command that will search for a specific ip and port

    remove_ip $IP $PORT

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote Originally Posted by lrdro View Post
    i need to create 2 putty commands to add or remove ips from firewall.
    okay, so just so you know, the commands are not putty-specific. putty is just your terminal emulator. what you are looking for is a shell script. instead of putty, you might also be using xterm, or a console directly attached to the box. any of these can be used to run a script. anyway, on to the script...

    simpler commands, like

    add_ipd $IP $PORT - this command to add the ip into the rules file of ipfw, and the remove command that will search for a specific ip and port

    remove_ip $IP $PORT
    here's a script that will modify your firewall file. it uses sed to remove matching lines. call it "config-ipfw.sh". i combined add and remove functionality in the same script. call it with 3 arguments: the action (add or remove), the IP address and port (like you originally stated), e.g.:

    Code:
    ./config-ipfw.sh add 192.168.1.3 22
    here's the script:
    Code:
    #!/bin/sh
    # plain sh: no bash features are needed, and FreeBSD has no /bin/bash by default
    
    # the firewall config file
    ipfwFile='/etc/rules.ipfw'
    
    # get the command line arguments
    [ $# -ne 3 ] && echo "Usage: $0 <add|remove> <ipaddr> <port>" && exit 1
    mode=$1
    ip=$2
    port=$3
    
    # make sure the config file is found
    [ ! -f "$ipfwFile" ] && echo "$ipfwFile: No such file" && exit 1
    
    # the line that should (or should not) appear in the config file
    string="\$IPF 460 allow all from $ip to any $port in"
    
    # same line with regex metacharacters escaped, so grep and sed match it
    # literally (unescaped, the dots in the address match any character)
    pattern=$(printf '%s\n' "$string" | sed 's|[][\.*^$/]|\\&|g')
    
    # determine mode (add/remove)
    case $mode in
      add)
        if grep -q -- "^$pattern" "$ipfwFile"; then
          echo "IP address $ip port $port has already been added"
        else
          printf '%s' "Adding $ip $port to $ipfwFile ... "
          printf '%s\n' "$string" >> "$ipfwFile" && echo 'okay' || echo 'FAILED'
        fi
        ;;
      remove)
        if grep -q -- "^$pattern" "$ipfwFile"; then
          printf '%s' "Removing $ip $port from $ipfwFile ... "
          # -i.bak keeps a backup copy of the rules file as $ipfwFile.bak
          sed -i.bak "/^$pattern/d" "$ipfwFile" && echo 'okay' || echo 'FAILED'
        else
          echo "IP address $ip port $port has already been removed"
        fi
        ;;
      *)
        echo "Mode \`$mode' is not recognized"
        exit 1
        ;;
    esac
    let me know if you have any problems with it, or don't understand it. it is fairly straightforward.
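
Added example (not part of the thread): the script in post #4 writes its `<ipaddr>` and `<port>` arguments into `/etc/rules.ipfw` unchecked, and the `$IPF` prefix suggests (an assumption) that the file is later run by a shell with root privileges. The hypothetical helpers `valid_ipv4`, `valid_port` and `rule_line` below accept only a dotted-quad IPv4 address and a port from 1 to 65535 before the rule line is built.

```sh
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical;
# the rule format is the one used in post #4.

# Succeed only for a dotted quad: four decimal octets, each 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, bad chars, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac  # no leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only for a decimal port in 1-65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|0*) return 1 ;;           # empty, non-digits, leading zero
    esac
    [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# Print the rules-file line for a valid pair; fail with no output otherwise.
rule_line() {
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf '$IPF 460 allow all from %s to any %s in\n' "$1" "$2"
}

# Constructed inputs: one valid pair, then values that must be refused.
demo() {
    if line=$(rule_line "$1" "$2"); then
        echo "accept: $line"
    else
        echo "reject: ip='$1' port='$2'"
    fi
}
demo 192.168.1.3 22
demo 192.168.1.300 22
demo '.*' 22
demo 192.168.1.3 '22;x'
```

In the script above, a call such as `string=$(rule_line "$ip" "$port") || exit 1` would take the place of the unchecked `string=` assignment.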
