[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipfilter variables

To: Leif Larsson <leif.larsson@l3system.se>
Subject: Re: ipfilter variables
From: Damien Miller <djm@mindrot.org>
Date: Tue, 2 Jan 2001 12:28:29 +1100 (EST)
Cc: misc@openbsd.org

On Sat, 30 Dec 2000, Leif Larsson wrote:

> Is there any way to specify variables in the ipf.rules file ?
> For example:
> 
> $NAMESERVER=192.168.1.1
> pass in from any to $NAMESERVER
 
Use cpp:

------------ ipf.rules.cpp

#define MYNET 10.1.2.3
#define ANY 0.0.0.0/0
#define RESET block return-rst
#define BLOCK block return-icmp(13)

BLOCK in all
RESET in proto tcp all
pass out all

pass in from any to MYNET

-----------

cpp -P /etc/ipf.rules.cpp > /etc/ipf.rules
ipf -Fa -f /etc/ipf.rules

-d

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm@mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, / 
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org

Prev by Date: really advanced firewalling
Next by Date: OpenBSD/Qmail Question
Prev by thread: really advanced firewalling
Next by thread: OpenBSD/Qmail Question
Index(es):
- Date
- Thread