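# cf. Example ipfw ruleset, http://codesnippets.joyent.com/posts/show/1267
#
# Helpers that add and remove a single-port "allow ... keep-state" rule in an
# ipfw ruleset. Diagnostics go to stderr so that a caller capturing stdout
# (as openport does with free_ipfw_rule_num) never mistakes an error message
# for a rule number.

# Choose appropriate numbers for num1 & num2 (see free_ipfw_rule_num) according
# to your ipfw ruleset. The two commands below print the current rules and the
# auto-increment step, which is what that choice depends on.
/usr/bin/sudo /sbin/ipfw list
/usr/sbin/sysctl -n net.inet.ip.fw.autoinc_step

#######################################
# Print the first unused ipfw rule number in the range num1..num2.
# Arguments: none
# Outputs:   the free rule number on stdout; diagnostics on stderr
# Returns:   0 on success; 1 if autoinc_step is not 100, the rule list cannot
#            be read, num2 is not below the second-to-last listed rule, or
#            every number in the range is already in use
#######################################
free_ipfw_rule_num() {
  local -i num1=6701 num2=6799 lastipfwnum
  local step last_field

  step=$(/usr/sbin/sysctl -n net.inet.ip.fw.autoinc_step)
  if [[ "${step}" != "100" ]]; then
    # \x21 is "!", written as an escape in the format string.
    printf "%s\x21\n" "sysctl -n net.inet.ip.fw.autoinc_step is not set to 100" >&2
    return 1
  fi

  # First field of the second-to-last line of the listing, i.e. the rule just
  # before the final one.
  last_field=$(/usr/bin/sudo /sbin/ipfw list \
    | /usr/bin/tail -n 2 \
    | /usr/bin/head -n 1 \
    | /usr/bin/awk '{print $1}')
  if [[ ! "${last_field}" =~ ^[0-9]+$ ]]; then
    printf "%s\x21\n" "Could not read a rule number from ipfw list" >&2
    return 1
  fi
  # Rule numbers in the listing can carry leading zeros (e.g. 06900); force
  # base 10 so bash does not try to read them as octal.
  lastipfwnum=$((10#${last_field}))

  if ((num2 >= lastipfwnum)); then
    printf "%s\x21\n" "${num2} is greater than or equal to ${lastipfwnum}" >&2
    return 1
  fi

  # "ipfw show N" succeeds while rule N exists; step forward until it fails.
  while /usr/bin/sudo /sbin/ipfw show "${num1}" &>/dev/null; do
    num1=$((num1 + 1))
    if ((num1 > num2)); then
      # Range exhausted: fail instead of printing a bogus number that the
      # caller would hand to "ipfw add".
      printf "%s\x21\n" "No free ipfw rule number up to ${num2}" >&2
      return 1
    fi
  done

  printf "%s\n" "${num1}"
  return 0
}

#######################################
# Validate a port argument and print it as a plain decimal number.
# Arguments: $1 - port as typed by the user
# Outputs:   the port (1-65535) on stdout; diagnostics on stderr
# Returns:   0 if the port is usable, 1 otherwise
#######################################
_ipfw_port_number() {
  local digits

  # NOTE(review): non-digits are silently dropped, so "4a3" is accepted as 43.
  # Kept for compatibility; reject such input instead if a typo must never
  # open or close a different port than the one intended.
  digits="${1//[^[:digit:]]/}"
  # Drop leading zeros so the value is never treated as octal.
  digits="${digits#"${digits%%[!0]*}"}"

  if [[ -z "${digits}" ]]; then
    # Also reached for "0": port 0 is not a usable destination port.
    printf "%s\n" "No valid port number given: ${1}" >&2
    return 1
  fi
  # The length test comes first so an absurdly long digit string cannot
  # overflow shell arithmetic and wrap back into the valid range.
  if ((${#digits} > 5 || digits > 65535)); then
    printf "%s\n" "Given port number is greater than 65535: ${digits}" >&2
    return 1
  fi

  printf "%s\n" "${digits}"
  return 0
}

#######################################
# Add an ipfw rule allowing traffic to the given destination port.
# Arguments: $1 - port number (1-65535)
# Outputs:   a confirmation line on stdout; diagnostics on stderr
# Returns:   0 if the rule was added; 1 on bad arguments, if no free rule
#            number is available, or if "ipfw add" fails
#
# NOTE(review): the rule is "allow all from any to any dst-port N", with no
# direction, protocol or interface qualifier, so it matches any packet whose
# destination port is N in either direction. If only outbound access is
# wanted, narrow the rule (e.g. with out / tcp / via <interface>).
#######################################
openport() {
  local portnum rulenum

  if [[ $# -ne 1 ]]; then
    printf "%s\n" "Wrong number of arguments: $#" >&2
    return 1
  fi
  portnum=$(_ipfw_port_number "$1") || return 1

  # Stop here on failure; otherwise an empty or invalid rule number would be
  # passed on to "ipfw add".
  rulenum=$(free_ipfw_rule_num) || return 1

  if ! /usr/bin/sudo /sbin/ipfw -q add "${rulenum}" \
    allow all from any to any dst-port "${portnum}" keep-state; then
    printf "%s\n" "Could not add ipfw rule no. ${rulenum} for port ${portnum}" >&2
    return 1
  fi

  printf "%s\n" "... opening ipfw rule no. ${rulenum} for internet access via port ${portnum}"
  return 0
}

#######################################
# Delete every ipfw rule of the form
#   ... from any to any dst-port N keep-state
# for the given port N.
# Arguments: $1 - port number (1-65535)
# Outputs:   two confirmation lines on stdout; diagnostics on stderr
# Returns:   0 if the rules were deleted; 1 on bad arguments, if no matching
#            rule exists, or if "ipfw delete" fails
#
# NOTE(review): matching is by rule text only, not by rule number, so a rule
# of the same shape that was not created by openport is deleted as well.
#######################################
closeport() {
  local portnum line
  local -a rulenums=()

  if [[ $# -ne 1 ]]; then
    printf "%s\n" "Wrong number of arguments: $#" >&2
    return 1
  fi
  portnum=$(_ipfw_port_number "$1") || return 1

  # The port is handed to awk with -v rather than spliced into the program
  # text. Only purely numeric first fields are kept as rule numbers.
  while IFS= read -r line; do
    if [[ "${line}" =~ ^[0-9]+$ ]]; then
      rulenums+=("${line}")
    fi
  done < <(/usr/bin/sudo /sbin/ipfw list \
    | /usr/bin/awk -v port="${portnum}" \
      '$0 ~ ("from +any +to +any +dst-port +" port " +keep-state[[:space:]]*$") {print $1}')

  if [[ ${#rulenums[@]} -eq 0 ]]; then
    printf "%s\n" "No ipfw rule for port number: ${portnum}" >&2
    return 1
  fi

  if ! /usr/bin/sudo /sbin/ipfw -q delete "${rulenums[@]}"; then
    printf "%s\n" "Could not delete ipfw rule no. ${rulenums[*]}" >&2
    return 1
  fi

  printf "%s\n%s\n" "... deleting ipfw rule no. ${rulenums[*]}" "... closing internet access via port: ${portnum}"
  return 0
}

# Usage example: each openport call adds one more rule for the same port.
openport 43
openport 43
openport 43

# [rulenum] is a placeholder for a rule number printed by openport.
/usr/bin/sudo /sbin/ipfw show [rulenum]   # ... allow ip from any to any dst-port 43 keep-state

# A single closeport call removes all matching rules for the port.
closeport 43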
Enable internet traffic via specified ports through ipfw (See related posts)