3 ### Firewall control perl script driven by opengatesrv.cgi ###
4 ### (In default this script is disabled. See opengatesrv.conf.)
5 ### (Consider setting this by an ipfw rule or in opengatesrv.conf before using this script)
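use strict;
use warnings;

# Argument order is fixed by the caller (opengatesrv.cgi).  Every value
# arrives as its own argv element and is passed on to ipfw the same way
# (list-form system), so no shell ever parses them.  $clientaddr, $userid
# and $userproperty are accepted for interface compatibility but are not
# used by this default rule set.
my ($ipfwpath, $rulenumber, $clientaddr, $userid, $macaddr,
    $userproperty, $ipfwtagnumber, $interface) = @ARGV;

# The inherited standard streams are closed on purpose, as in the original
# script; nothing below may rely on printing to them.
close STDOUT; close STDERR; close STDIN;

# Common prefix of both rules: one numbered rule per client, tagged so that
# later rules can match on the tag.
my @rule_prefix = ($ipfwpath, '-q', 'add', $rulenumber,
                   'count', 'tag', $ipfwtagnumber,
                   'ip', 'from', 'any', 'to', 'any');

# ipfw's MAC option is written "MAC dst-mac src-mac" (see ipfw(8)), so the
# first rule covers frames sent by the client and the second frames sent to
# it, both on the opengate-side interface and both keeping dynamic state.
my $from_client_status = system(@rule_prefix,
    'MAC', 'any', $macaddr, 'via', $interface, 'keep-state');
my $to_client_status = system(@rule_prefix,
    'MAC', $macaddr, 'any', 'via', $interface, 'keep-state');

# STDERR is already closed, so the exit status is the only channel left for
# reporting a failed ipfw invocation.  system() returns 0 on success; the
# original script always exited 0, which silently hid a rule that was never
# installed.  Callers that ignore the status are unaffected.
exit(($from_client_status == 0 && $to_client_status == 0) ? 0 : 1);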
24 ########### Above line is the end of interpreting#############
28 $ipfwpath = path to ipfw command
29 $rulenumber= ipfw rule number. one number for one client
30 $clientaddr= client machine's IP address
31 $userid = user's ID. The auth server ID is appended (usr@svr) if one was entered.
32 $macaddr = MAC address for the client machine
33 $interface = Network interface card name
37 *Be careful to execute quickly and without delay.
38 This script runs in EXCLUSIVE mode.
40 *Be careful to add the smallest possible rule set.
41 The rules are added PER client.
43 *Be careful to eliminate bugs and security holes.
44 After modifying it, debug it thoroughly in stand-alone mode.
46 *If possible, the rule should be written in rc.firewall.
47 The following can be written in rc.firewall:
48 Deny some protocols even though authentication has passed.
49 Allow access to some servers without authentication.
51 *The following might be written in this script:
52 Deny guest users access to the internal network.
53 Deny a client having specific MAC address.
54 Forward some service to proxy server after authentication.
55 (The last one might instead be written in rc.firewall as a rule on the
56 other-side interface, which is not used by opengate)
60 If you are unsure, return to the following default script.
61 =====================================================
64 ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber,$interface)=@ARGV;
65 close STDOUT; close STDERR; close STDIN;
69 system "$ipfwpath","-q","add","$rulenumber",
70 "count","tag","$ipfwtagnumber","ip","from","any","to","any",
71 "MAC", "any", "$macaddr", "via", "$interface", "keep-state";
73 system "$ipfwpath","-q","add","$rulenumber",
74 "count","tag","$ipfwtagnumber","ip","from","any","to","any",
75 "MAC", "$macaddr", "any", "via", "$interface", "keep-state";
78 ======================================================