A script to automatically enable and disable the firewall
Authored by: CarlRJ on Jul 22, '09 02:49:19PM
Cute idea, and nice use of LaunchDaemons. Couple of points:
  1. There's a closing ")" missing on the end of the "vpn.yourcompany.com" line in the "case $NETWORK in" statement.
  2. The line:
      NETWORK=$(cat /var/run/resolv.conf | grep domain | awk '{print $2}')
    really deserves to be simplified to:
      NETWORK=$(awk '/domain/ {print $2}' /var/run/resolv.conf)
    Why run three commands when one will do?
Essentially, you're turning off the firewall when you're connected inside your company's offices. That's making the assumption that there's zero chance of any other machine in the office being infected/controlled by blackhats. I wouldn't want to make that assumption.

Personally, I turned off the Application Firewall, and set up a script to run at startup that configures a traditional ipfw firewall that blocks any traffic that I'm not expecting (no, I wouldn't recommend this approach for everyone; configuring ipfw involves a lot of details that most people won't want to deal with, and such a setup isn't particularly portable from one machine to another).

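An added example, not part of the comment above or of the original hint: a sketch of the network check that matches only the resolv.conf `domain` directive and keeps the firewall on for anything not explicitly listed. `vpn.yourcompany.com` comes from the comment; `office.yourcompany.com` and the function names are assumptions, and the script only reports the decision rather than changing any firewall setting.

```shell
#!/bin/sh
# Added example: decide the firewall state from the resolv.conf "domain" line.
# office.yourcompany.com and both function names are assumptions.

# Print the value of the first "domain" directive in the given file.
# Comparing $1 exactly avoids hits on "search" lines or comments that
# merely contain the word "domain", which a bare /domain/ pattern matches.
get_domain() {
    [ -r "$1" ] || return 0          # missing file: print nothing
    awk '$1 == "domain" { print $2; exit }' "$1"
}

# Print "off" only for explicitly listed networks. Everything else,
# including a missing file or a missing domain line, prints "on".
# The domain value is supplied by the network, so it names the network
# but does not prove which network the machine is really attached to.
firewall_state_for() {
    NETWORK=$(get_domain "$1")
    case $NETWORK in
        vpn.yourcompany.com)    echo off ;;
        office.yourcompany.com) echo off ;;
        *)                      echo on ;;
    esac
}

# Constructed sample resolv.conf, used only for this demonstration.
sample=$(mktemp)
printf '%s\n' '# domain supplied by the network' \
    'search mydomain.example' \
    'domain vpn.yourcompany.com' \
    'nameserver 192.0.2.1' > "$sample"
echo "sample network: firewall $(firewall_state_for "$sample")"
rm -f "$sample"
```
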