head	1.1;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1
	RELEASE_6_EOL:1.1
	RELEASE_8_1_0:1.1
	RELEASE_7_3_0:1.1
	RELEASE_8_0_0:1.1
	RELEASE_7_2_0:1.1
	RELEASE_7_1_0:1.1
	RELEASE_6_4_0:1.1
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1
	RELEASE_6_1_0:1.1
	RELEASE_5_5_0:1.1
	RELEASE_6_0_0:1.1;
locks; strict;
comment	@# @;


1.1
date	2005.05.30.16.31.51;	author pav;	state Exp;
branches;
next	;


desc
@@


1.1
log
@- Fix doormand to work on FreeBSD
- Replace broken ipf* script
- RCng script

PR:		ports/81615
Submitted by:	Lupe Christoph <lupe@@lupe-christoph.de> (maintainer)
@
text
@#!/bin/sh
#
#  file "ipf_delete"
#  IPFilter firewall-delete script, called by "doormand". 
#  This removes the "pass in quick" rules from the firewall
#  that were added by one of the ipf_add scripts.
#
#  Called with five arguments:
#
# $1 : name of the interface (e.g. ne0)
# $2 : source IP; i.e. dotted-decimal address of the 'knock' client
# $3 : source port; when this script is called for the first time
#      to delete a broad firewall rule, this argument will be set
#      to a single "0" (0x30) character.  This means that the source
#      port was not known, and a broad rule allowing any source
#      port was set.
# $4 : destination IP; that is, the IP address of the interface 
#      in argument 1.
# $5 : The port number of the requested service (e.g. 22 for ssh, etc.)
#
#
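# Build the text of the two rules to remove.  A source port of "0" means the
# broad rule (any source port) was installed, so the source-port clause is
# left out of both rules.  The operand is quoted so that a missing or empty
# third argument no longer makes the test itself fail with a syntax error;
# it simply takes the specific-port branch as before.
#
# NOTE(review): $1..$5 are interpolated into the rule text as-is and the
# result is fed to ipf on stdin.  This script does no validation of its own;
# it relies on doormand passing a well-formed interface name, dotted-decimal
# addresses and numeric ports -- confirm against the caller.
if [ "$3" = 0 ]; then
     inrule="pass in  quick on $1 proto TCP from $2           to $4 port = $5"
    outrule="pass out quick on $1 proto TCP from $4 port = $5 to $2"
else
     inrule="pass in  quick on $1 proto TCP from $2 port = $3 to $4 port = $5"
    outrule="pass out quick on $1 proto TCP from $4 port = $5 to $2 port = $3"
fi

# Hand both rules to ipf: -r removes matching rules instead of adding them,
# and "-f -" reads the rules from stdin.  Everything ipf prints (stderr is
# merged into stdout) is captured in $ret.
#
# NOTE(review): inruleno and outruleno are never assigned in this script, so
# the rule-number prefix on each line expands to nothing after the at-sign.
# Presumably a leftover from the matching add script -- verify that the ipf
# version in use accepts this form.
ret=`(echo @@$inruleno $inrule; echo @@$outruleno $outrule) | /sbin/ipf -r -f - 2>&1`

# Report the result to the caller on stdout.  No output from ipf is treated
# as success ("0").  Any output is treated as failure and echoed back after
# the "-1 3" prefix; $ret is left unquoted so multi-line ipf output is folded
# onto a single line.  The meaning of "-1 3" is defined by doormand, not here.
if [ -z "$ret" ]
then
    echo 0
else
    echo -1 3 $ret
fi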

@
