Hello Igor!
Am 12.01.2017 um 03:41 schrieb Igor:
>>> actionstart = ipfw show | fgrep -q 'table(<table>)' || ( ipfw show | awk
>>> 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if
>>> (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype>
>>> <block> from table\(<table>\) to me <port>; echo $num >
>>> "<startstatefile>"
>>> )
[...]
> Just in case: the awk inline script in the action quoted above is
> working on the output of "ipfw show | fgrep -q 'table(<table>)' , which
> is only trying to avoid a clash with an existing table.
Are you sure?
I think the script will either find a rule for this table and happily
stop after that or it will call the awk script on the output of ipfw
show, listing all rule numbers, until it finds an empty spot.
And I think actionstart will remember the fact that there was a rule for
the given table: if yes it will not write the rule number into
startstatefile and thus actionstop will not remove the rule.
Best regards
Christoph
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
