|
Lines 822-833
|
| 822 |
|
822 |
|
| 823 |
<para>Symbolic fields do not have the $ prefix.</para> |
823 |
<para>Symbolic fields do not have the $ prefix.</para> |
| 824 |
|
824 |
|
| 825 |
<para>The value to populate the Symbolic field must be enclosed |
825 |
<para>The value to populate the symbolic field must be enclosed |
| 826 |
with "double quotes".</para> |
826 |
with double quotes (<literal>"</literal>).</para> |
| 827 |
|
827 |
|
| 828 |
<para>Start your rule file with something like this:</para> |
828 |
<para>Start your rule file with something like this:</para> |
| 829 |
|
829 |
|
| 830 |
|
|
|
| 831 |
<programlisting>############# Start of IPF rules script ######################## |
830 |
<programlisting>############# Start of IPF rules script ######################## |
| 832 |
|
831 |
|
| 833 |
oif="dc0" # name of the outbound interface |
832 |
oif="dc0" # name of the outbound interface |
|
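Review bot: the rewritten sentence at 825-826 keeps "must be enclosed with double quotes", which overstates what the shell requires: a value without whitespace such as oif="dc0" is legal unquoted, and the quotes only become mandatory for values containing spaces like the "keep state" strings later in the script. Consider "should be enclosed in double quotes, which is required when the value contains spaces" (and "enclosed in" rather than "enclosed with").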
Lines 836-842
|
| 836 |
ks="keep state" |
835 |
ks="keep state" |
| 837 |
fks="flags S keep state" |
836 |
fks="flags S keep state" |
| 838 |
|
837 |
|
| 839 |
# You can chose between building /etc/ipf.rules file |
838 |
# You can choose between building /etc/ipf.rules file |
| 840 |
# from this script or running this script "as is". |
839 |
# from this script or running this script "as is". |
| 841 |
# |
840 |
# |
| 842 |
# Uncomment only one line and comment out another. |
841 |
# Uncomment only one line and comment out another. |
|
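Review bot: the comment at 841 still reads "comment out another" in both columns; since there are exactly two alternatives (the cat line and the /sbin/ipf line), "comment out the other" is what is meant, and it is worth fixing alongside the "chose" typo corrected at 838.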
Lines 860-884
|
| 860 |
################## End of IPF rules script ########################</programlisting> |
859 |
################## End of IPF rules script ########################</programlisting> |
| 861 |
|
860 |
|
| 862 |
<para>That is all there is to it. The rules are not important in |
861 |
<para>That is all there is to it. The rules are not important in |
| 863 |
this example; how the Symbolic substitution field are populated |
862 |
this example; how the symbolic substitution fields are populated |
| 864 |
and used are. If the above example was in a file named <filename>/etc/ipf.rules.script</filename>, |
863 |
and used are. If the above example was in a file named <filename>/etc/ipf.rules.script</filename>, |
| 865 |
you could reload these rules by entering this on the command |
864 |
you could reload these rules by entering the following command:</para> |
| 866 |
line:</para> |
|
|
| 867 |
|
865 |
|
| 868 |
<programlisting><command>sh /etc/ipf.rules.script</command> |
866 |
<screen>&prompt.root; <userinput>sh /etc/ipf.rules.script</command> |
| 869 |
</programlisting> |
867 |
</screen> |
| 870 |
|
868 |
|
| 871 |
<para>There is one problem with using a rules file with embedded |
869 |
<para>There is one problem with using a rules file with embedded |
| 872 |
symbolics. IPF do not understand symbolic substitution, and |
870 |
symbolics: IPF does not understand symbolic substitution, and |
| 873 |
can not read such scripts directly.</para> |
871 |
cannot read such scripts directly.</para> |
| 874 |
|
872 |
|
| 875 |
<para>This script can be used in one of two ways:</para> |
873 |
<para>This script can be used in one of two ways:</para> |
| 876 |
|
874 |
|
| 877 |
<itemizedlist> |
875 |
<itemizedlist> |
| 878 |
<listitem> |
876 |
<listitem> |
| 879 |
<para>Uncomment line that begins from <command>cat</command> |
877 |
<para>Uncomment the line that begins with <literal>cat</literal>, |
| 880 |
and comment out line that begins from |
878 |
and comment out the line that begins with |
| 881 |
<filename>/sbin/ipf</filename>. Place |
879 |
<literal>/sbin/ipf</literal>. Place |
| 882 |
<literal>ipfilter_enable="YES"</literal> into |
880 |
<literal>ipfilter_enable="YES"</literal> into |
| 883 |
<filename>/etc/rc.conf</filename> as usual, and run |
881 |
<filename>/etc/rc.conf</filename> as usual, and run |
| 884 |
script once after each modification to create or update |
882 |
script once after each modification to create or update |
|
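Review bot: the new <screen> block at 866 opens with <userinput> but closes with </command>, so the replacement is not well-formed XML and the build will fail; it should read <screen>&prompt.root; <userinput>sh /etc/ipf.rules.script</userinput> so the opening and closing tags match. Also, 882 still says "and run script once" in both columns; "and run the script once" is intended.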
Lines 903-913
|
| 903 |
<para>The permissions on this script file must be read, write, |
901 |
<para>The permissions on this script file must be read, write, |
| 904 |
execute for owner <username>root</username>.</para> |
902 |
execute for owner <username>root</username>.</para> |
| 905 |
|
903 |
|
| 906 |
<programlisting><command>chmod 700 /usr/local/etc/rc.d/ipf.loadrules.sh</command></programlisting> |
904 |
<screen>&prompt.root; <userinput>chown root /usr/local/etc/rc.d/ipf.loadrules.sh</userinput> |
|
|
905 |
&prompt.root; <userinput>chmod 700 /usr/local/etc/rc.d/ipf.loadrules.sh</userinput></screen> |
| 907 |
</listitem> |
906 |
</listitem> |
| 908 |
</itemizedlist> |
907 |
</itemizedlist> |
| 909 |
|
908 |
|
| 910 |
<para>Now, when your system boots your IPF rules will be |
909 |
<para>Now, when your system boots, your IPF rules will be |
| 911 |
loaded.</para> |
910 |
loaded.</para> |
| 912 |
</sect2> |
911 |
</sect2> |
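Review bot: the <screen> at 904-905 now adds a chown root step, but the sentence at 901-902 still only talks about permissions; extend it to say the script must be owned by root and be readable, writable and executable only by its owner, so the prose matches both commands. Adding the chown is the right call, since chmod 700 on a file owned by another user would leave it executable only by that user rather than root; it just needs to be documented.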