ipfw rules to run on startup

Discussion in 'Mac OS X Lion (10.7)' started by DarthMuflon, Jul 10, 2013.

  1. macrumors newbie

    Joined:
    Jul 10, 2013
    #1
    Hello to everyone

    I wanted to limit my internet speed with terminal commands:

    sudo ipfw pipe 1 config bw 200KBytes/s
    sudo ipfw add pipe 1 all from any to any in

    and that works.
    But with computer restart that setting is gone, so I have to write it again.
    And I came to idea to make a deamon that does it.

    I wrote a file with content:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://
    www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>Label</key>
    <string>ipfw</string>
    <key>Program</key>
    <string>/sbin/ipfw</string>
    <key>ProgramArguments</key>
    <array>
    <string>/sbin/ipfw</string>
    <string>/etc/ipfw.conf</string>
    </array>
    <key>RunAtLoad</key>
    <true />
    </dict>
    </plist>

    and save it on path /Library/Launch Daemons/ipwf.plist

    and I also made a file /etc/ipfw.conf with content

    /sbin/ipfw -f -q flush
    /sbin/ipfw pipe 1 config bw 200KByte/s
    /sbin/ipfw add pipe 1 all from any to any in
    /sbin/ipfw -q /etc/ipfw.conf

    but after computer restart I don't have limitation setting, and ipfw has just a default settings.

    Can you help me?
     
  2. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #2
    How about putting in in Applescript then have the Applescript launch at boot?


    Code:
    do shell script "sudo ipfw pipe 1 config bw 200KBytes/s"
    do shell script "sudo ipfw add pipe 1 all from any to any in"
     
  3. chown33, Jul 11, 2013
    Last edited: Jul 11, 2013

    macrumors 603

    Joined:
    Aug 9, 2009
    #3
    This appears to be a shell script, rather than a list of ipfw rules.

    Referring to the ipfw man page:
    https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html
    To ease configuration, rules can be put into a file which is processed using ipfw as shown in the last synopsis line. An absolute pathname must be used. The file will be read line by line and applied as arguments to the ipfw utility. [underline added]


    If the file is a shell script, the correct contents of the plist should be:
    Code:
    <key>ProgramArguments</key>
    <array>
    <string>[B]/bin/bash[/B]</string>
    <string>/etc/ipfw.conf</string>
    </array>
    
    and you should remove the Program key. Read the man page for launchd.plist.
    Program <string>
    This key maps to the first argument of execvp(3). If this key is missing, then the first element of the array of strings provided to the ProgramArguments will be used instead. This key is required in the absence of the ProgramArguments key.


    When testing, you should be able to run a command like ProgramArguments lists, and have it work correctly in Terminal. If it fails in Terminal, it's probably going to fail as a launchd plist.

    You seem to have gone from these Terminal command lines:
    Code:
    sudo ipfw pipe 1 config bw 200KBytes/s
    sudo ipfw add pipe 1 all from any to any in
    
    to a launchd plist file, without ever testing whether the /etc/ipfw.conf file actually worked with ipfw on a Terminal command line. Refer to the ipfw man page for how to run the command so it reads rules from a file. Or tell launchd to run a shell script, because the file appears to contain shell commands.


    EDIT
    In a shell script, this line is wrong:
    Code:
    /sbin/ipfw -q /etc/ipfw.conf
    
    Leaving it in would tell the shell to run the commands in /etc/ipfw.conf, whose last command tells the shell to run the commands in /etc/ipfw.conf, whose last command ... etc. Remove it and avoid death by endless recursion.
     

Share This Page