
ipfwdump, ipfwto & ipfwfrom (See related posts)

Three basic Bash functions that report information about the current ipfw ruleset.

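unset -f ipfwfrom
#######################################
# Print the source address of every dynamic ipfw rule together with the
# text of its parent rule.  With -n the address is printed as-is;
# otherwise a reverse DNS lookup is attempted first and the address is
# used when the lookup returns nothing.
# Globals:   PATH, IFS (replaced for the duration, restored before any return)
# Arguments: $1 - optional "-n" to skip the reverse lookups
# Outputs:   one line per distinct (rule number, source address) pair on stdout
# Returns:   0 on success, 1 when en0 is not the default-route interface
#######################################
ipfwfrom() {

   # Absolute paths plus a fixed PATH: the commands run under sudo below
   # cannot be redirected by a PATH inherited from the caller.
   declare sudo=/usr/bin/sudo ipfw=/sbin/ipfw
   declare IF CIF ipnum rule url line
   # Saved copies are local so nothing leaks into the caller's shell.
   declare OPATH=$PATH OIFS=$IFS rc=0

   export PATH="/usr/bin:/bin:/usr/sbin:/sbin"; IFS=$' \t\n'

   # Wait for the interfaces to finish configuring (macOS ipconfig).
   /usr/sbin/ipconfig waitall

   IF="en0"
   CIF="$(/sbin/route -n get default | grep interface | awk '{ print $NF }')"   # current default interface

   if [[ "$1" = "-n" ]]; then    # print IP numbers

      # The "( ... )" pattern selects the dynamic-rule lines of "ipfw -d";
      # on those lines field 1 is the rule number and field 7 the source.
      "$sudo" "$ipfw" -de list | awk '/ \(.*\) / { print $1, $7 }' | sort -n | uniq | while read -r line; do
         ipnum="${line##* }"
         rule="$("$sudo" "$ipfw" list "${line%% *}")"
         printf "%-27s %s\n" "${ipnum}" "${rule}"
      done

   elif [[ "${IF}" != "${CIF}" ]]; then
      # Diagnostic goes to stderr so "ipfwfrom | grep ..." does not swallow it.
      echo 'No internet connection!' >&2
      rc=1

   else

      "$sudo" "$ipfw" -de list | awk '/ \(.*\) / { print $1, $7 }' | sort -n | uniq | while read -r line; do
         ipnum="${line##* }"
         # Reverse lookup, bounded so an unreachable resolver cannot hang the loop.
         url="$(/usr/bin/dig +short +time=3 +tries=2 -x "${ipnum}" | head -n 1)"
         if [[ -z "${url}" ]]; then url=${ipnum}; fi
         rule="$("$sudo" "$ipfw" list "${line%% *}")"
         printf "%-27s %-45s %s\n" "${ipnum}" "${url}" "${rule}"
      done

   fi

   # Restore the caller's PATH/IFS on every return path, including the
   # no-connection one.
   export PATH="$OPATH"; IFS="$OIFS"

   return "$rc"
}
export -f ipfwfrom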



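unset -f ipfwto
#######################################
# Print the destination address of every dynamic ipfw rule together with
# the text of its parent rule.  With -n the address is printed as-is;
# otherwise a reverse DNS lookup is attempted first and the address is
# used when the lookup returns nothing.
# Globals:   PATH, IFS (replaced for the duration, restored before any return)
# Arguments: $1 - optional "-n" to skip the reverse lookups
# Outputs:   one line per distinct (rule number, destination address) pair on stdout
# Returns:   0 on success, 1 when en0 is not the default-route interface
#######################################
ipfwto() {

   # Absolute paths plus a fixed PATH: the commands run under sudo below
   # cannot be redirected by a PATH inherited from the caller.
   declare sudo=/usr/bin/sudo ipfw=/sbin/ipfw
   declare IF CIF ipnum rule url line
   # Saved copies are local so nothing leaks into the caller's shell.
   declare OPATH=$PATH OIFS=$IFS rc=0

   export PATH="/usr/bin:/bin:/usr/sbin:/sbin"; IFS=$' \t\n'

   # Wait for the interfaces to finish configuring (macOS ipconfig).
   /usr/sbin/ipconfig waitall

   IF="en0"
   CIF="$(/sbin/route -n get default | grep interface | awk '{ print $NF }')"   # current default interface

   if [[ "$1" = "-n" ]]; then    # print IP numbers

      # The "( ... )" pattern selects the dynamic-rule lines of "ipfw -d";
      # on those lines field 1 is the rule number and field 10 the destination.
      "$sudo" "$ipfw" -de list | awk '/ \(.*\) / { print $1, $10 }' | sort -n | uniq | while read -r line; do
         ipnum="${line##* }"
         rule="$("$sudo" "$ipfw" list "${line%% *}")"
         printf "%-27s %s\n" "${ipnum}" "${rule}"
      done

   elif [[ "${IF}" != "${CIF}" ]]; then
      # Diagnostic goes to stderr so "ipfwto | grep ..." does not swallow it.
      echo 'No internet connection!' >&2
      rc=1

   else

      "$sudo" "$ipfw" -de list | awk '/ \(.*\) / { print $1, $10 }' | sort -n | uniq | while read -r line; do
         ipnum="${line##* }"
         # Reverse lookup, bounded so an unreachable resolver cannot hang the loop.
         url="$(/usr/bin/dig +short +time=3 +tries=2 -x "${ipnum}" | head -n 1)"
         if [[ -z "${url}" ]]; then url=${ipnum}; fi
         rule="$("$sudo" "$ipfw" list "${line%% *}")"
         printf "%-27s %-45s %s\n" "${ipnum}" "${url}" "${rule}"
      done

   fi

   # Restore the caller's PATH/IFS on every return path, including the
   # no-connection one.
   export PATH="$OPATH"; IFS="$OIFS"

   return "$rc"
}
export -f ipfwto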



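unset -f ipfwdump
#######################################
# Print every dynamic ipfw rule as "source  ->  destination" followed by
# the text of its parent rule.  With -n the addresses are printed as-is;
# otherwise each is reverse-resolved with dig and the address is used
# when the lookup returns nothing.
# Globals:   PATH, IFS (replaced for the duration, restored before any return)
# Arguments: $1 - optional "-n" to skip the reverse lookups
# Outputs:   one line per distinct (rule, source, destination) triple on stdout
# Returns:   0 on success, 1 when en0 is not the default-route interface
#######################################
ipfwdump() {

   # Absolute paths plus a fixed PATH: the commands run under sudo below
   # cannot be redirected by a PATH inherited from the caller.
   declare sudo=/usr/bin/sudo ipfw=/sbin/ipfw
   declare IF CIF rule num ipfrom ipto ip1 ip2 line
   # Saved copies are local so nothing leaks into the caller's shell.
   declare OPATH=$PATH OIFS=$IFS rc=0

   export PATH="/usr/bin:/bin:/usr/sbin:/sbin"; IFS=$' \t\n'

   # Wait for the interfaces to finish configuring (macOS ipconfig).
   /usr/sbin/ipconfig waitall

   IF="en0"
   CIF="$(/sbin/route -n get default | grep interface | awk '{ print $NF }')"   # current default interface

   if [[ "$1" = "-n" ]]; then    # print IP numbers

      # The "( ... )" pattern selects the dynamic-rule lines of "ipfw -d";
      # field 1 is the rule number, field 7 the source, field 10 the destination.
      "$sudo" "$ipfw" -de list | awk '/ \(.*\) / { print $1,$7,$10 }' | sort -n | uniq | while read -r line; do
         read -r num ipfrom ipto <<< "${line}"
         rule="$("$sudo" "$ipfw" list "${num}")"
         printf "%-45s %s\n" "${ipfrom}  ->  ${ipto}" "${rule}"
      done

   elif [[ "${IF}" != "${CIF}" ]]; then
      # Diagnostic goes to stderr so "ipfwdump | grep ..." does not swallow it.
      echo 'No internet connection!' >&2
      rc=1

   else

      "$sudo" "$ipfw" -de list | awk '/ \(.*\) / { print $1,$7,$10 }' | sort -n | uniq | while read -r line; do
         read -r num ipfrom ipto <<< "${line}"
         rule="$("$sudo" "$ipfw" list "${num}")"
         # Reverse lookups, bounded so an unreachable resolver cannot hang the loop.
         ip1="$(/usr/bin/dig +short +time=3 +tries=2 -x "${ipfrom}" | head -n 1)"
         ip2="$(/usr/bin/dig +short +time=3 +tries=2 -x "${ipto}" | head -n 1)"
         if [[ -z "${ip1}" ]]; then ip1=${ipfrom}; fi
         if [[ -z "${ip2}" ]]; then ip2=${ipto}; fi
         printf "%-65s %s\n" "${ip1}  ->  ${ip2}" "${rule}"
      done

   fi

   # Restore the caller's PATH/IFS on every return path, including the
   # no-connection one.
   export PATH="$OPATH"; IFS="$OIFS"

   return "$rc"
}

export -f ipfwdump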



# Usage examples (run interactively after the functions above are defined).
ipfwdump                      # source -> destination, reverse-resolved, plus the parent rule
ipfwdump -n                   # same, addresses only (no DNS lookups)
ipfwdump -n | grep 7400       # keep only output lines containing "7400"
ipfwdump -n | grep allow      # keep only lines whose parent rule mentions "allow"
ipfwdump -n | grep deny       # keep only lines whose parent rule mentions "deny"

ipfwto                        # destination addresses, reverse-resolved
ipfwto -n | grep deny         # destination addresses, numeric, "deny" rules only
ipfwfrom -n                   # source addresses, numeric
ipfwfrom | grep allow         # source addresses, reverse-resolved, "allow" rules only
