Samhenry
Shell Script to turn off the Application Firewall when user is on IP address 128.183, then turn it back on when they are not at that address
I am looking to simply shut off the Application level firewall when the active IP address begins with 128.183.
The goal is when the user is on 128.183, they have no firewall for the time being. When a network changes and they are no longer 128.183, turn the firewall back on.
I was looking for a shell script to do something like this, to keep checking their IP address.
What is your OS?
ASKER
hello, great to hear from you
ASKER
10.5.6 Leopard
can you post the output of
ifconfig -a
ASKER
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 128.183.62.197 netmask 0xfffffc00 broadcast 128.183.63.255
    ether 00:17:f2:d2:15:af
    media: autoselect (100baseTX <full-duplex,flow-control>) status: active
    supported media: autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 10baseT/UTP <full-duplex,flow-control> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 100baseTX <full-duplex,flow-control> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> none
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
    lladdr 00:19:e3:ff:fe:74:34:0e
    media: autoselect <full-duplex> status: inactive
    supported media: autoselect <full-duplex>
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::219:e3ff:fed8:b91a%en2 prefixlen 64 scopeid 0x6
    inet 128.154.178.210 netmask 0xfffffc00 broadcast 128.154.179.255
    ether 00:19:e3:d8:b9:1a
    media: autoselect status: active
    supported media: autoselect
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 172.16.34.1 netmask 0xffffff00 broadcast 172.16.34.255
    ether 00:50:56:c0:00:08
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 172.16.140.1 netmask 0xffffff00 broadcast 172.16.140.255
    ether 00:50:56:c0:00:01
try this
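# Match only an IPv4 address that starts with 128.183. (dots escaped, anchored on "inet")
ifconfig -a | grep -q 'inet 128\.183\.'
if [ $? -eq 0 ]
then
    # Placeholder: replace with the actual firewall shutdown command
    /path/to/app_firewall_shutdown_command
fi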
ASKER
GREAT!! I'll give it a go and let you know.
ASKER
I have to run to a meeting. Thanks so much for your quick response. Awesome service
ASKER
omarfarid,
I need the firewall state to be read first before it is changed, something like this?
# Get IP address (dots escaped, anchored on "inet")
ifconfig -a | grep 'inet 192\.169\.'
if [ $? -eq 0 ]
then
    # Disable firewall
    if [ "$(defaults read "/Library/Preferences/com.apple.sharing.firewall" state)" -eq 1 ]; then
        defaults write /Library/Preferences/com.apple.alf globalstate -int 0
        killall -HUP socketfilterfw
        echo "Firewall Off"
    fi
else
    # Enable firewall to set access for specific services and applications
    if [ "$(defaults read "/Library/Preferences/com.apple.sharing.firewall" state)" -eq 0 ]; then
        defaults write /Library/Preferences/com.apple.alf globalstate -int 1
        killall -HUP socketfilterfw
        echo "Firewall On"
    fi
fi
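The decision and the read-before-write step from the posts above, as an added example that is not part of the original thread: the firewall is global, and the posted ifconfig output shows en2 active on 128.154.x.x at the same time as en0 on 128.183.x.x, so this sketch allows "off" only when every non-local IPv4 address is on the trusted prefix. The function names are hypothetical; ignoring lo* and vmnet* interfaces and reading the same com.apple.alf globalstate key that the thread writes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Decides the firewall state from
# `ifconfig -a` text on stdin instead of an unanchored `grep 128.183`.
TRUSTED_PREFIX="128.183."   # network prefix from the question

# Prints 0 (firewall may be off) only if at least one IPv4 address is present
# and every one starts with TRUSTED_PREFIX; prints 1 (firewall on) otherwise.
# Assumption: lo* and vmnet* interfaces are local-only and are ignored.
desired_fw_state() {
    awk -v p="$TRUSTED_PREFIX" '
        /^[a-z]/ { skip = ($1 ~ /^(lo|vmnet)/) }      # interface header line
        $1 == "inet" && !skip { n++; if (index($2, p) == 1) t++ }
        END { print ((n > 0 && n == t) ? 0 : 1) }'
}

# Reads the current state first and writes only when it differs.
# Assumption: reads the same com.apple.alf globalstate key the thread writes.
apply_fw_state() {
    want=$1
    have=$(defaults read /Library/Preferences/com.apple.alf globalstate)
    [ "$have" = "$want" ] && return 0
    defaults write /Library/Preferences/com.apple.alf globalstate -int "$want"
    killall -HUP socketfilterfw
}

# Constructed inputs, trimmed from the ifconfig output posted in the thread.
ONLY_TRUSTED='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
 inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 128.183.62.197 netmask 0xfffffc00 broadcast 128.183.63.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 172.16.34.1 netmask 0xffffff00 broadcast 172.16.34.255'
# As posted: en2 is also active on 128.154.x.x, so the firewall must stay on.
MIXED="$ONLY_TRUSTED
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 128.154.178.210 netmask 0xfffffc00 broadcast 128.154.179.255"
# Constructed address that an unanchored grep for 128.183 would match.
LOOKALIKE='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 10.128.183.7 netmask 0xffffff00 broadcast 10.128.183.255'

# On the Mac, as root: apply_fw_state "$(ifconfig -a | desired_fw_state)"
```

With no IPv4 address at all the function also answers 1, so a machine that has just lost its network keeps the firewall on.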
ASKER CERTIFIED SOLUTION
ASKER
Great, that's it. I'll try it out and get back to you. That is what I was looking for.
ASKER
Did I say you are Awesome!!!