Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ipfw rules to run on startup

D

DarthMuflon

macrumors newbie
Original poster
Jul 10, 2013
1
0
Hello to everyone

I wanted to limit my internet speed with terminal commands:

sudo ipfw pipe 1 config bw 200KBytes/s
sudo ipfw add pipe 1 all from any to any in

and that works.
But with computer restart that setting is gone, so I have to write it again.
And I came to idea to make a deamon that does it.

I wrote a file with content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://
www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>ipfw</string>
<key>Program</key>
<string>/sbin/ipfw</string>
<key>ProgramArguments</key>
<array>
<string>/sbin/ipfw</string>
<string>/etc/ipfw.conf</string>
</array>
<key>RunAtLoad</key>
<true />
</dict>
</plist>

and save it on path /Library/Launch Daemons/ipwf.plist

and I also made a file /etc/ipfw.conf with content

/sbin/ipfw -f -q flush
/sbin/ipfw pipe 1 config bw 200KByte/s
/sbin/ipfw add pipe 1 all from any to any in
/sbin/ipfw -q /etc/ipfw.conf

but after computer restart I don't have limitation setting, and ipfw has just a default settings.

Can you help me?
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,137
15,601
California
How about putting in in Applescript then have the Applescript launch at boot?


Code: 
do shell script "sudo ipfw pipe 1 config bw 200KBytes/s"
do shell script "sudo ipfw add pipe 1 all from any to any in"
 
chown33

chown33

Moderator
Staff member
Aug 9, 2009
10,751
8,423
A sea of green
DarthMuflon said:
...
and I also made a file /etc/ipfw.conf with content

/sbin/ipfw -f -q flush
/sbin/ipfw pipe 1 config bw 200KByte/s
/sbin/ipfw add pipe 1 all from any to any in
/sbin/ipfw -q /etc/ipfw.conf
Click to expand...
This appears to be a shell script, rather than a list of ipfw rules.

Referring to the ipfw man page:
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html
To ease configuration, rules can be put into a file which is processed using ipfw as shown in the last synopsis line. An absolute pathname must be used. The file will be read line by line and applied as arguments to the ipfw utility. [underline added]


If the file is a shell script, the correct contents of the plist should be:
Code: 
<key>ProgramArguments</key>
<array>
<string>[B]/bin/bash[/B]</string>
<string>/etc/ipfw.conf</string>
</array>
and you should remove the Program key. Read the man page for launchd.plist.
Program <string>
This key maps to the first argument of execvp(3). If this key is missing, then the first element of the array of strings provided to the ProgramArguments will be used instead. This key is required in the absence of the ProgramArguments key.


When testing, you should be able to run a command like ProgramArguments lists, and have it work correctly in Terminal. If it fails in Terminal, it's probably going to fail as a launchd plist.

You seem to have gone from these Terminal command lines:
Code: 
sudo ipfw pipe 1 config bw 200KBytes/s
sudo ipfw add pipe 1 all from any to any in
to a launchd plist file, without ever testing whether the /etc/ipfw.conf file actually worked with ipfw on a Terminal command line. Refer to the ipfw man page for how to run the command so it reads rules from a file. Or tell launchd to run a shell script, because the file appears to contain shell commands.


EDIT
In a shell script, this line is wrong:
Code: 
/sbin/ipfw -q /etc/ipfw.conf
Leaving it in would tell the shell to run the commands in /etc/ipfw.conf, whose last command tells the shell to run the commands in /etc/ipfw.conf, whose last command ... etc. Remove it and avoid death by endless recursion.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom