Help needed writing a script

[Rilo Ravestein]

Code:

${fwcmd} add 01006 allow ip from 192.168.1.0/24 to 192.168.1.0/24 keep-state
${fwcmd} add 02000 allow ip from 192.168.1.0/24 to 192.168.1.202 keep-state #this being the IP of the transmission Jail, NOT my my actual server which is 1.16

Like this, your 02000 rule is redundant, since it is already covered in rule 01006.

If i assume you would like to connect to a VPN, then your 02000 rule should not be to allow traffic to the jail IP but to the VPN server IP

Code:

 ${fwcmd} add 02000 allow ip from 192.168.2.0/24 to ##. ###. ###. ### keep-state #VPN IP[/CODE]

[/QUOTE]

 

[UF8FF]

Like this, your 02000 rule is redundant, since it is already covered in rule 01006.

If i assume you would like to connect to a VPN, then your 02000 rule should not be to allow traffic to the jail IP but to the VPN server IP

perfect. thank you!

 

[Rilo Ravestein]

perfect. thank you!

You're welcome.

 

[UF8FF]

Like this, your 02000 rule is redundant, since it is already covered in rule 01006.

If i assume you would like to connect to a VPN, then your 02000 rule should not be to allow traffic to the jail IP but to the VPN server IP

Might i ask. What happens if the VPN IP changes?

 

[Rilo Ravestein]

Might i ask. What happens if the VPN IP changes?

I think you should read this whole thread, including the threads linked.
The VPN service server IP address you are connecting to won't change. I'ts the tun# IPs that may change. This thread is all about how to cope with that with a script.

 

[UF8FF]

Must've not understood it when I skimmed through. I'll go through it. Thanks again.

 

[Rilo Ravestein]

Must've not understood it when I skimmed through. I'll go through it. Thanks again.

No problem, happy to help where I can.

 

[Montel Bahn]

@joeschmuck re :'In the google searches include the word "bash". Bash can be very finicky.'

How did you know he was using BASH?
I thought I read somewhere plain Bourne is 'better' for scripts?
Is BASH more powerful, or just more widely used and thus easier to google for?
When you say BASH can be finicky, are you speaking generically(shell scripting in general) or
do you mean in contrast to other shells?

I be noobs here(and way to many other places!)

 

[jgreco]

Most Linux n00bs confuse "bash" with "sh", resulting in sh scripts that have all sorts of bash'isms that then won't work on a proper UNIX system.

bash heaps a bunch of new constructs on top of the old sh-style scripting. I wouldn't consider that to be bad, because Bourne shell scripting has some rather awful sharp edges, but it's really frustrating when someone has decided to "#! /bin/sh" their BASH script and you don't notice that buried within are bash'isms, and things break, and you have to rewrite their crap.

Bourne shell script is by far more widely used and is generally the gold standard in scripting languages on UNIX.

 

[Bidule0hm]

Or you can script POSIX and your script can be used with any shell... just sayin'... :D

 

[jgreco]

I'd really like everyone who writes shell script to first have to read

http://www.apress.com/9781430210436

obDisclosure: I have a signed copy and Seebs has done work for me in the past.

 

[joeschmuck]

@joeschmuck re :'In the google searches include the word "bash". Bash can be very finicky.'

How did you know he was using BASH?
I thought I read somewhere plain Bourne is 'better' for scripts?
Is BASH more powerful, or just more widely used and thus easier to google for?
When you say BASH can be finicky, are you speaking generically(shell scripting in general) or
do you mean in contrast to other shells?

I be noobs here(and way to many other places!)

That really wasn't the case, but as previously explained by @jgreco the "#! /bin/sh" doesn't always work the way you think it should. I personally have had better luck with this vice "#! /bin/bash" with my scripts. Could be because I never learned the proper way but it's not for the lack of trying. Syntax must be exact is what I mean by finicky and operators must be used in the correct way to get the desired outcome. And I personally enjoy writing scripts, it reminds me of simpler times.

 

[Mirfster]

I'd really like everyone who writes shell script to first have to read

Sure, buy us all copies and we will... Scout's honor. ;)

 

[joeschmuck]

I recall purchasing two programming books for machine code for the 8080 family and assembly, each was $60. This was just to support my hobby of being a geek in those days and that helped me in my career as well later on in life. I likely still have those books buried in a box somewhere in the basement and they were full of corners of the pages bent over.

 

[jgreco]

Heh, I still have an eclectic selection of books sitting around my office, ranging from Computer Architecture and VAX Assembly Language Programming (still among my favorite) to dreary reads like Understanding and Deploying LDAP to esoteric stuff like a 1947 edition of the Dawes Electrical Engineering book. So much fun stuff to do!

 

[joeschmuck]

You're my HERO, Electrical Engineering books are fantastic to study and to see how some of today's stuff came about. Imagine the people who thought and designed this stuff, just amazing. I'll bet we have a few VAX programming books in my office still even though we got rid of VAX machines about 10 years ago. My team holds on to everything.

 

[jgreco]

I have to admit that EE was only a minor and I wasn't that great with the analog stuff. Digital was a lot of fun though.

VAX was a great CISC architecture and a lot of fun to code for.

 

[joeschmuck]

CISC architecture

And RISC as well was interesting but I was only exposed to it briefly, I don't even remember what the system was. But who knows what we are talking about.

 

[jgreco]

DEC Alpha? RS/6000? UltraSPARC? PowerPC? ARM? History is littered with 'em. :-( SO many fun things to play with though.

 

[joeschmuck]

Agreed