From owner-FreeBSD-net-jp@jp.freebsd.org  Fri Nov  7 19:38:08 1997
Received: by jaz.jp.freebsd.org (8.8.8+2.7Wbeta7/8.7.3) id TAA03615
	Fri, 7 Nov 1997 19:38:08 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta7/8.7.3) with ESMTP id TAA03609
	for <FreeBSD-net-jp@jp.freebsd.org>; Fri, 7 Nov 1997 19:38:06 +0900 (JST)
Received: from localhost ([203.183.213.139]) by valkirie.mikage.t-cnet.or.jp (8.8.7+2.7Wbeta7/3.5Wpl5) with ESMTP id TAA04466 for <FreeBSD-net-jp@jp.freebsd.org>; Fri, 7 Nov 1997 19:38:29 +0900 (JST)
To: FreeBSD-net-jp@jp.freebsd.org
X-Mailer: Mew version 1.91 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint: 29 5E 86 48 44 CC 38 9C  72 82 D5 83 B6 FD 03 B1
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
	boundary="--Next_Part(Fri_Nov__7_19:38:07_1997_542)--"
Content-Transfer-Encoding: 7bit
Message-Id: <19971107193829O.issei@mikage.rim.or.jp>
Date: Fri, 07 Nov 1997 19:38:29 +0900
From: Issei Suzuki <issei@mikage.t-cnet.or.jp>
X-Dispatcher: imput version 970918
Lines: 101
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: FreeBSD-net-jp 321
Subject: [FreeBSD-net-jp 321] ipfw setting from remote machine
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org

----Next_Part(Fri_Nov__7_19:38:07_1997_542)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$BNkLZ0l@8(B $B$G$9!#(B

  options IPFIREWALL $B$D$-$N(B FreeBSD-2.2.5R $B$N(B kernel $B$r;H$C$F!"%9%/%j!<(B
$B%K%s%0%k!<%?!<$r1?MQ$7$F$$$^$9!#@hF|!"1?MQCf$K%U%#%k%?%j%s%0%k!<%k$rJQ(B
$B99$7$h$&$H!"(Btelnet $B$7$?@h$G(B /etc/rc.firewall $B$r=q$-49$($F(B

# sh /etc/rc.firewall simple

$B$H$d$C$?$i!"$b$N$N8+;v$KA4$/%Q%1%C%H$rDL$5$J$$%k!<%?!<$,$G$->e$,$j$^$7(B
$B$?(B ;-(   ipfw -f flush $B$N;~E@$G(B telnet $B%3%M%/%7%g%s$,DL$i$J$/$J$C$F$7$^(B
$B$$!"%9%/%j%W%H$N<B9T$,Dd;_$7$F$7$^$C$?$?$a$G$9!#(B

  $BHa$7$+$C$?$N$G!"%j%b!<%H$+$i$G$b4JC1$K%U%#%k%?%j%s%0%k!<%k$rJQ99$G$-(B
$B$k$h$&$J(B Perl $B%9%/%j%W%H$r=q$$$F$_$^$7$?!#Cf?H$O(B tty $B$+$i@Z$jJ|$7$?;R%W(B
$B%m%;%9$r:n$C$F!"$=$C$A$G(B ipfw $B$r<B9T$5$;$F$$$k$@$1$G$9!#(B

p.s.
  $B$3!<$f!<$b$N$r!"(BFreeBSD-net-jp ML $B$KAw$k$N$OBEEv$G$9$+!)(B

-- 
$B&N(B  
$B""(BP $BNkLZ0l@8!wJ*M}(B.$BEl9)Bg(B <issei@mikage.rim.or.jp>


----Next_Part(Fri_Nov__7_19:38:07_1997_542)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

#!/usr/bin/perl

# setipfw  --  set ipfw rules from remote host.
#
# Issei Suzuki <issei@t-cnet.or.jp>

require 'getopts.pl';
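# Parse the command line.  The only switch is -q (quiet), which Getopts()
# from getopts.pl stores in $opt_q.
&Getopts('q') || &usage;

$ipfw = "/sbin/ipfw";

# The rule file is the first remaining argument.  Test with defined/length
# rather than plain truth so that a file literally named "0" is accepted.
$rule = (defined($ARGV[0]) && length($ARGV[0])) ? $ARGV[0] : &usage;

# Open the rule file BEFORE the firewall is touched, so an unreadable or
# missing file aborts while the old ruleset is still loaded.  The explicit
# "< " prefix forces read mode: a name starting with ">" or "|", or ending
# in "|", is then not treated as a write target or a command.  This matters
# because the script is expected to run as root.
open(F, "< $rule") || die "setipfw : [$rule] : $!";

$pid = fork();
if ($pid) {
	# Parent: wait for the child to finish replacing the ruleset, then
	# (unless -q) show what is actually loaded.  $? is saved first because
	# the system() call below overwrites it.
	wait;
	$status = $?;
	warn "setipfw : ruleset from [$rule] was not loaded completely\n" if $status;
	system("$ipfw -N list") unless $opt_q;
	exit(1) if $status;
}
elsif (defined($pid)) {
	# Child: does the real work.  It must keep running even if the remote
	# login that started it stalls or is hung up while the rules are
	# missing, so ignore SIGHUP (inherited by the ipfw processes started
	# below) and point the standard handles away from the terminal.
	# /dev/null is used instead of a bare close() so that descriptors
	# 0-2 stay occupied and are not reused by ipfw for something else.
	$SIG{'HUP'} = 'IGNORE';
	open(STDIN,  "< /dev/null");
	open(STDOUT, "> /dev/null");
	open(STDERR, "> /dev/null");

	# From the flush until the last "add" succeeds, only the kernel's
	# built-in default rule is in force.  If the flush itself fails, stop
	# here: the previous ruleset is still loaded and mixing new rules
	# into it would give an unpredictable policy.
	exit(2) if system($ipfw, '-f', 'flush') != 0;

	$failed = 0;
	while (<F>) {
		next if /^\s*#/;	# whole-line comment
		next if /^\s*$/;	# blank line
		# Stop at rule 65535 -- presumably so that saved "ipfw list"
		# output can be fed back in without re-adding the default rule.
		last if /^65535/;
		s/#.*$//;		# strip a trailing comment, from the first '#'

		# Pass the rule to ipfw as an argument list, not through the
		# shell: characters such as ';', '`' or '$' in the rule file
		# are then plain text and can never run a second command.
		@words = split(' ', $_);
		next unless @words;
		$failed++ if system($ipfw, 'add', @words) != 0;
	}
	close(F);

	# Report an incomplete load to the parent through the exit status.
	exit($failed ? 1 : 0);
}
else {
	# fork() returned undef: nothing has been changed yet.
	die "setipfw : fork : $!";
}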

# Print the command synopsis on standard error and terminate the script
# with exit status 8.  Never returns to the caller.
sub usage {
	local(@help) = (
		"Usage: setipfw [-q] RULEFILE",
		"",
		"   -q   Quiet mode",
		"",
	);
	foreach $text (@help) {
		print STDERR $text, "\n";
	}
	exit(8);
}

----Next_Part(Fri_Nov__7_19:38:07_1997_542)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

# Sample ruleset for setipfw command

#########################################################
# IP rules
#########################################################

allow ip from any to any via lo0
deny ip from 127.0.0.0/8 to 127.0.0.0/8
deny log ip from 233.103.22.8/29 to any in recv ed0
deny log ip from 192.168.0.0/16 to any via ed0
deny log ip from 172.16.0.0/12 to any via ed0
deny log ip from 10.0.0.0/8 to any via ed0

#########################################################
# ICMP rules
#########################################################

allow icmp from any to any icmptypes 0,8,11

----Next_Part(Fri_Nov__7_19:38:07_1997_542)----
