ipfw command to add or delete IP rule

Hello,

Thank you for existing and making my life easier :). I need your help, please.

I need to create a putty function to work like this.
  1. A command in putty: ipfw addip [IP]. This will add in /etc/rules.ipfw the following line:
    Code:
    $IPF 460 allow all from [IP] to any 22 in
  2. A command in putty: ipfw removeip [IP]. This will search in /etc/rules.ipfw for the line with specific [IP] and it will remove it.
Example line:
Code:
$IPF 460 allow all from [IP] to any 22 in

Thank you.
 
I'm not sure how the putty functions work so I can't help you out there. The main problem I see is that obviously the ipfw command doesn't have addip/removeip functions that will create the rules you want, so you would have to write a script to do it, then run that script from PuTTY. That script would have to be capable of adding lines to /etc/rules.ipfw, searching and removing them, and, I expect, reloading the ruleset.

Alternatively, assuming you are actually using ipfw, you could add a rule similar to the following permanently to your ruleset (I haven't double checked the exact syntax of this or tested it):
Code:
allow all from "table(1)" to any dst-port 22

Then you just need to run the following from PuTTY to add/remove entries dynamically from the table:
Code:
# ipfw table 1 add myip (myip can be a.b.c.d or a.b.c.d/cidr)

# ipfw table 1 delete myip
or
# ipfw table 1 flush (delete all entries as a table can contain multiple addresses)

As these are simple 'one-shot' commands, it should make what you are trying to do much easier than trying to edit the ruleset.
 
Hello,

I have clients that do not know how to use PuTTY and edit a single file, so the single command addip $IP or removeip $IP will be perfect. I have tried as you said but it's not working properly.
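
The table approach from the reply, wrapped into the single addip/removeip commands asked for, as an added example that is not part of the original thread. The script name, the MIN_PREFIX limit and the IPv4-only validation are assumptions, and the permanent rule using table(1) must already be in the ruleset.

```sh
#!/bin/sh
# Added example: addip/removeip wrapper around the ipfw table commands above.
# Assumptions (not from the thread): script name, MIN_PREFIX policy, IPv4 only.
IPFW=${IPFW:-ipfw}            # set IPFW=echo for a dry run
TABLE=${TABLE:-1}             # table referenced by the permanent rule
MIN_PREFIX=${MIN_PREFIX:-24}  # refuse wider networks such as 0.0.0.0/0

# Return 0 only for a.b.c.d or a.b.c.d/cidr within the allowed prefix range.
valid_ipv4() {
    addr=${1%%/*}
    case "$1" in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    # Digits and dots only: blocks options, spaces and shell metacharacters.
    case "$addr" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    case "$mask" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#mask}" -le 2 ] && [ "$mask" -ge "$MIN_PREFIX" ] &&
        [ "$mask" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_table addip|removeip ADDRESS
ssh_table() {
    case "$1" in
        addip)    op=add ;;
        removeip) op=delete ;;
        *) echo "usage: addip|removeip a.b.c.d[/cidr]" >&2; return 64 ;;
    esac
    if ! valid_ipv4 "$2"; then
        echo "rejected: '$2' is not an accepted IPv4 address" >&2
        return 65
    fi
    $IPFW table "$TABLE" "$op" "$2"
}

# Dispatch only when called with arguments, e.g. sh ssh-allow.sh addip 203.0.113.7
if [ "$#" -gt 0 ]; then
    ssh_table "$@"
fi
```

Table entries are held in the kernel, so they are lost on reboot unless they are re-added at startup.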
 