Thank you for existing and making my life easier :). I need your help, please.

I need to create a PuTTY function to work like this.

A command in PuTTY:

ipfw addip [IP]

This will add in /etc/rules.ipfw the following line:

$IPF 460 allow all from [IP] to any 22 in

A command in PuTTY:

ipfw removeip [IP]

This will search in /etc/rules.ipfw for the line with the specific [IP] and remove it. Example line to be removed:

$IPF 460 allow all from [IP] to any 22 in

Thank you.

Rares Daniel

1 Answer

It sounds like what you want is a shell script for the user to run after connecting to the server with PuTTY. ipfw_addip to do this:

```sh
#!/bin/sh
# Append an allow rule for the address in $1 (no input validation yet).
echo "\$IPF 460 allow all from $1 to any 22 in" >> /etc/ipfw.rules
```

and ipfw_removeip:

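```sh
#!/bin/sh
# Remove every rule line for the address in $1 (no input validation yet).
# -F matches literally; the trailing " to" stops 1.2.3.4 matching 1.2.3.40.
tmp=$(mktemp /etc/ipfw.rules.XXXXXX) || exit 1
grep -vF "allow all from $1 to" /etc/ipfw.rules > "$tmp"
mv "$tmp" /etc/ipfw.rules
```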

Those are very simplistic examples, and in a production environment they should make more sanity checks, but they may help you get started.

Tim Pierce
  • It's perfect. Thank you for your time. Can you please be more specific about the sanitization checks? Give an example if possible, thank you. – Rares Daniel Nov 28 '13 at 02:23
  • Sure. For example, the script should make sure that an argument was passed to it at all, e.g. `if [ $# -ge 1 ] ....` It should also make sure that the argument actually looks like an IP address. If an attacker ran this script with an argument like `ipfw_addip "any to any;"` then /etc/ipfw.rules would include `$IPF 460 allow all from any to any; to any 22 in` which would open up the firewall to the entire world. – Tim Pierce Nov 28 '13 at 02:30
  • Thank you so much!!!! Now, can I make a command to search within lines, for example [ ipfw_list 22 ], so I would see just $IPS that have access to port $22? Thank you. – Rares Daniel Nov 28 '13 at 03:12
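
The sanity checks described in the comments above (an argument is present and it really is an IP address), as an added example that is not part of the original answer. The function names and the overridable `RULES` variable are assumptions; the default path is the one used in the answer's scripts.

```sh
#!/bin/sh
# Added example, not from the thread. RULES is overridable (an assumption)
# so the functions can be exercised on a scratch file.
RULES="${RULES:-/etc/ipfw.rules}"

# Succeed only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Build the rule line from the question for an already validated address.
rule_for() {
    printf '%s\n' "\$IPF 460 allow all from $1 to any 22 in"
}

# Append the rule once; reject anything that is not an IPv4 address.
add_ip() {
    valid_ipv4 "$1" || { echo "addip: not an IPv4 address: $1" >&2; return 2; }
    grep -qxF -e "$(rule_for "$1")" "$RULES" 2>/dev/null ||
        rule_for "$1" >> "$RULES"
}

# Remove only the exact rule line (-x whole line, -F no regex), writing via
# a mktemp file beside the rules file instead of a guessable /tmp name.
remove_ip() {
    valid_ipv4 "$1" || { echo "removeip: not an IPv4 address: $1" >&2; return 2; }
    tmp=$(mktemp "$RULES.XXXXXX") || return 1
    grep -vxF -e "$(rule_for "$1")" "$RULES" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    mv "$tmp" "$RULES"
}

# Dispatch in the form the question asked for: <script> addip|removeip IP
case "${1:-}" in
    addip)    add_ip "${2:-}" ;;
    removeip) remove_ip "${2:-}" ;;
esac
```

With this validation in place, the `"any to any;"` argument from the comment is rejected with exit status 2 and the rules file is left unchanged.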