Dynamically Assigning Firewall Rules with Radius

Hi,
I would like to control traffic from the LAN to the outside using a PIX firewall and RADIUS. I have found these links, which describe the method of controlling access using RADIUS attributes mapped to users or groups in Active Directory. What I understood is that the user should first be authenticated through HTTP, FTP or Telnet, and then the username sent in the authentication process will be used to map the access list configured on the PIX.
Question1:
Is that correct, that the user should authenticate first through HTTP, FTP or Telnet?
Question2:
Is there any way to use the credentials the user entered when logging in to the client (Windows clients)?
http://www.giac.org/certified_professionals/practicals/GCWN/0224.php
http://www.cisco.com/en/US/docs/security/pix/pix61/configuration/guide/mngacl.pdf
Thanks for replying.

Hi
Ans 1. The PIX provides authentication for pass-through traffic (traffic which enters on one interface and exits on another interface) and by default authenticates HTTP, Telnet and FTP; you can also authenticate UDP and TCP traffic passing through the firewall.
For any non-standard port you can do authentication through the virtual telnet feature available on the PIX.
Ans 2. You cannot use the credentials cached at the time of login to Windows, because the PIX will only prompt for authentication once you try to send some traffic out through the PIX. You can enter the same username and password again, though, and tell RADIUS to talk to AD for authentication.
The following link can be helpful for limiting access:
http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd703.html#wp391230
Hope this helps.
Regards
Rohit

Similar Messages

  • Add firewall rule with custom environment variable in program path

    Hi,
    We want to create a firewall rule for a program which is placed in a folder that changes sometimes. I know you can add a firewall rule with the ProgramFiles environment variable like this:
    netsh advfirewall firewall add rule name="Test Firewall rule" dir=in program="%%ProgramFiles%%\Test\Test.exe" action=allow security=notrequired
    The environment variable ProgramFiles isn't expanded, and if the Program Files folder is different on a system, the rule still works.
    We try to do the same with a custom environment variable, which we set as a system environment variable with this command:
    SETX SomeFolder "D:\Some Folder\Apr 2015" /M
    If we use the command below to add the firewall rule in a batch file, the environment variable SomeFolder is expanded correctly and the program path is added as a static path.
    netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%SomeFolder%\AFile.exe" action=allow security=notrequired
    Because the folder changes sometimes, we want to change the environment variable SomeFolder and not remove the old firewall rule and create a new one. We want to add the environment variable SomeFolder to the program path as a (dynamic) environment variable,
    and not as the expanded path at the moment the rule is added. If we use this command:
    netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%%SomeFolder%%\AFile.exe" action=allow security=notrequired
    We get the error:
              Windows Firewall with Advanced Security
              An error occurred while adding the rule.
              Error: The parameter is incorrect
              Status: The application name could not be resolved
              OK   
    Why can't we use %%SOMEFOLDER%% like we can use %%PROGRAMFILES%%? The same error is shown when we try to add the firewall rule through the management console 'Windows Firewall with Advanced Security'.
    W. Spu

    Hi,
    Based on my many tests of this problem, it seems there is no better method to achieve your requirement. To add a new policy to the firewall, it would be better to use the general cmdlet. A path parameter like %%SomeFolder%% does have a problem in the add-firewall-policy
    cmdlet.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Windows Firewall rule

    Hi all
    I need a script to enable firewall rules, with inbound and outbound rules.
    Please help me.

    PowerShell 3.0 does not include the NetSecurity module or its cmdlets. To use those cmdlets, you will need PowerShell 4.0 on Windows 8.1 or Server 2012 R2.
    In order to modify the Windows Firewall in earlier versions of Windows you will need to use netsh. This Windows program can be used in the PowerShell console and inside PowerShell scripts. Please keep in mind that netsh differs between
    versions of Windows. The netsh commands you use in XP are different than in Windows Vista and Windows 7. This is due to the introduction of the Windows Firewall with Advanced Security in Windows Vista vs. the Windows Firewall introduced in XP SP2.
    I am not aware of a way to modify WF with WMI.
    This URL has some examples of using netsh firewall and netsh advfirewall.
    http://support.microsoft.com/kb/947709/en-us
    Edit: Added URL
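The two threads above ask for related things: keeping a program rule pointed at a folder that moves, and enabling rules for both directions from a script. Both can be done from PowerShell with the NetSecurity cmdlets (Windows 8.1 / Server 2012 R2 and later). The script below is an added example, not code from either poster or from Microsoft; the rule name, variable name and executable name are placeholders, and the netsh line in the comment is the equivalent for older systems. Since the firewall only ever stores an expanded path, the script re-reads the machine-scope variable and updates the existing rule in place instead of deleting and recreating it. It also refuses to point a rule at a path that does not exist, because an allow rule for a missing or user-writable location is a standing invitation for whoever manages to drop a binary there.

```powershell
# Added example (not from the original posts). Requires an elevated session and the
# NetSecurity module (Windows 8.1 / Server 2012 R2 or later).
# Placeholders: rule name, machine-level variable name and executable name.
$RuleName   = 'Some Firewall Rule'   # hypothetical rule display name
$EnvVarName = 'SomeFolder'           # hypothetical variable set with: SETX SomeFolder "D:\..." /M
$FileName   = 'AFile.exe'            # hypothetical program name

function Resolve-RuleProgramPath {
    param([string]$VarName, [string]$File)
    # Read the Machine scope explicitly: SETX /M updates the registry, but the current
    # process keeps its old copy of the variable until it restarts.
    $folder = [Environment]::GetEnvironmentVariable($VarName, 'Machine')
    if ([string]::IsNullOrWhiteSpace($folder)) {
        throw "Environment variable '$VarName' is not set at machine scope."
    }
    $path = Join-Path -Path $folder -ChildPath $File
    # A program rule for a path that does not exist (or that users can write to) lets
    # anyone who plants a binary there inherit the allow; insist the target is present.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Refusing to create a rule for a program that does not exist: $path"
    }
    return $path
}

function Set-ProgramRule {
    param([string]$Name, [string]$Direction, [string]$ProgramPath)
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
            Where-Object { $_.Direction -eq $Direction }
    if ($rule) {
        # Update the application filter in place: same rule, same GUID, only the path changes.
        $rule | Set-NetFirewallRule -Program $ProgramPath
    } else {
        $rule = New-NetFirewallRule -DisplayName $Name -Direction $Direction `
                    -Program $ProgramPath -Action Allow -Profile Any
    }
    $rule | Enable-NetFirewallRule
    # netsh equivalent for Windows 7 / Server 2008 R2 (no NetSecurity module):
    #   netsh advfirewall firewall set rule name="<Name>" dir=in new program="<ProgramPath>" enable=yes
}

$program = Resolve-RuleProgramPath -VarName $EnvVarName -File $FileName
foreach ($dir in 'Inbound', 'Outbound') {
    Set-ProgramRule -Name "$RuleName ($dir)" -Direction $dir -ProgramPath $program
}

# Show what the firewall actually stored (the expanded path, not the variable)
Get-NetFirewallRule -DisplayName "$RuleName*" | ForEach-Object {
    $filter = $_ | Get-NetFirewallApplicationFilter
    '{0,-32} {1,-8} {2,-5} {3}' -f $_.DisplayName, $_.Direction, $_.Enabled, $filter.Program
}
```

Run the script again after changing SomeFolder with SETX /M and moving the executable; the rules keep their names and GUIDs and only the stored program path changes. If the executable has not been copied to the new folder yet, the script stops before touching the firewall.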

  • WLC- dynamic Vlan assignment with Radius

    Hello, we would like to use this feature in our company and because of that I am now testing it. But I found one problem.
    I created one testing SSID and two VLANs on the WLC. On ACS I use the IETF attributes (064, 065, 081) for my account, and I change the VLAN ID (081) during testing.
    It works with LEAP but when I use PEAP-GTC (which we use commonly in our company) the ip address is not assigned properly (ip which was assigned before remains).
    Could you please help me?

    There is a good document which explains how to configure Dynamic VLAN Assignment with a RADIUS Server and Wireless LAN Controller. This will help you. You will find the document at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

  • Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points

    Hi Guys,
    I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1300". I want the AP to broadcast only 1 SSID. The client finds the SSID -> puts in his user credentials -> RADIUS authentication -> assign him to a specific VLAN based on his group membership.
    The problem here is that I don't have an AP controller but only configurable Aironet Access Points 1300. I can connect to the RADIUS server, but I am not sure how to configure the AP's port, radio port, VLAN and SSID.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    I go through some references:
    3.5  RADIUS-Based VLAN Access Control
    As discussed earlier, each SSID is mapped to a default VLAN-ID on the wired side. The IT administrator may wish to impose back end (such as RADIUS)-based VLAN access control using 802.1X or MAC address authentication mechanisms. For example, if the WLAN is set up such that all VLANs use 802.1X and similar encryption mechanisms for WLAN user access, then a user can "hop" from one VLAN to another by simply changing the SSID and successfully authenticating to the access point (using 802.1X). This may not be preferred if the WLAN user is confined to a particular VLAN.
    There are two different ways to implement RADIUS-based VLAN access control features:
    1. RADIUS-based SSID access control: Upon successful 802.1X or MAC address authentication, the RADIUS server passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge.
    2. RADIUS-based VLAN assignment: Upon successful 802.1X or MAC address authentication, the RADIUS server assigns the user to a predetermined VLAN-ID on the wired side. The SSID used for WLAN access doesn't matter because the user is always assigned to this predetermined VLAN-ID.
    extract from: Wireless Virtual LAN Deployment Guide
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
    ==============================================================
    Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    ==============================================================
    Controller: Wireless Domain Services Configuration
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml
    Any help on this issue is appreciated.
    Thanks.

    I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
    I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
    Hope this helps

  • Guided Procedure: Dynamical User Assignment at Runtime with WD API

    Hello out there,
    I'm trying to assign a user to a process role.
    I set up my process in that way:
    Process as root,
    sequential block,
    First action with callable Object,
    Second action with callable Object,
    It looks quite easy.
    The callable Objects are embedded WD4J UI's and the data transfer GP Context, etc works fine
    I'm still starting the process with the GP Designtime center, not via Webdynpro method (startProcess).
    The following code snippets are placed in the execute method of the first callable object.
    I guess I have to use the runtime methods, not the designtime methods, to assign the users.
    For example:
    In Step 1 - execute method:
    discover the user for processing step 2!
    assign them to the process role for step 2!
    My Coding in step 1 looks like this:
    First step: Getting the user infos:
    // Retrieve IUser instances by logon IDs specified dynamically at runtime.
    IUser userStep1 = UMFactory.getUserFactory().getUserByLogonID("user1");
    IUser userStep2 = UMFactory.getUserFactory().getUserByLogonID("user2");
    // One user context per user (the original assigned both to the same variable).
    IGPUserContext userContext  = GPContextFactory.getContextManager().createUserContext(userStep1);
    IGPUserContext userContext2 = GPContextFactory.getContextManager().createUserContext(userStep2);
    IGPRuntimeManager rtm = GPProcessFactory.getRuntimeManager();
    Now, I want to assign user2 to step 2:
    IGPProcess process = GPProcessFactory.getDesigntimeManager().getActiveTemplate(
            processId,     // by specifying its ID
            userContext);  // and the user accessing it
    // create an empty role assignment list
    IGPProcessRoleInstanceList roles = rtm.createProcessRoleInstanceList();
    // get the number of process roles
    int rolenum = process.getRoleInfoCount();
    msgmr.reportSuccess("Number of process roles found: " + rolenum);
    // iterate over the required roles
    for (int i = 0; i < rolenum; i++) {
        // create a new role instance by specifying the role's unique name
        IGPProcessRoleInstance roleInstance =
                roles.createProcessRoleInstance(process.getRoleInfo(i).getRoleName());
        // add a user to the role instance
        roleInstance.addUser(userStep2);
        // add the new role to the assignment list
        roles.addProcessRoleInstance(roleInstance);
    }
    I guess the problem is that I call the wrong method to assign the user. I need to assign the user with the following code snippet...
    // dynamically assign a user to a role
    rtm.addRuntimeDefinedUserToRole(
                      // process instance
                      prInstance,
                      // role name
                      "Processor",
                      // user that is assigned (IUser)
                      user,
                      // user context (IGPUserContext)
                      userContext);
    // dynamically change the user assigned to a role for a particular task
    String prInstanceID = prInstance.getID();
    rtm.changeTaskProcessor(
                      // process instance ID
                      prInstanceID,
                      // activity instance ID
                      activityInstanceID,
                      // current user (IGPUserContext)
                      currentProcessorContext,
                      // new user (IGPUserContext)
                      newProcessorContext);
    Thank you for any hint.

    Hi,
    Refer this
    Re: Adding users to a process role at runtime (method: addRuntimeDefinedUser)

  • Appending Firewall Rules to vShield Edge with PowerCLI Script

    Hi,
    I have a script which enables us to upload 4k worth of firewall rules, but every time it executes, all existing rules are over written.
    Is this something to do with the API or just a scripting issue - if so, can anyone suggest how to append on to the existing set?
    Update:
    So obviously the following line seems to create a new instance of the firewall:
    $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
    because the next 3 lines set the main firewall parameters again, something you wouldn't need to do if we were just adding new rules to the existing firewall.
    $fwService.DefaultAction = "drop"
    $fwService.LogDefaultAction = $false
    $fwService.IsEnabled = $true
    Is there a way to use a PowerShell command such as add-member rather than new-object?
    param (
        [parameter(Mandatory = $true, HelpMessage="vCD Server")][alias("-server","s")][ValidateNotNullOrEmpty()][string[]]$CIServer,
        [parameter(Mandatory = $true, HelpMessage="Org")][alias("-vOrg","o")][ValidateNotNullOrEmpty()][string[]]$orgName,
        [parameter(Mandatory = $true, HelpMessage="OrgNet")][alias("-orgNet","n")][ValidateNotNullOrEmpty()][string[]]$orgNet,
        [parameter(Mandatory = $true, HelpMessage="CSV Path")][alias("-file","f")][ValidateNotNullOrEmpty()][string[]]$csvFile
    )
    # Needed for the MessageBox used in the error handler below
    Add-Type -AssemblyName System.Windows.Forms
    # Add in the VI Toolkit
    if ( (Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
        Add-PSSnapin VMware.VimAutomation.Core
    }
    if ( (Get-PSSnapin -Name VMware.VimAutomation.Cloud -ErrorAction SilentlyContinue) -eq $null ) {
        Add-PSSnapin VMware.VimAutomation.Cloud
    }
    try {
        # -ErrorAction Stop makes a failed connect a terminating error, so the catch block actually runs
        Connect-CIServer -Server $CIServer -ErrorAction Stop | Out-Null
    } catch {
        Write-Error "Could not connect to $CIServer : $($_.Exception.Message)"
        Exit
    }
    # Search EdgeGW
    try {
        $myOrgNet = Get-Org -Name $orgName | Get-OrgNetwork -Name $orgNet
        $edgeHREF = $myOrgNet.ExtensionData.EdgeGateway.Href
        $edgeView = Search-Cloud -QueryType EdgeGateway -ErrorAction Stop | Get-CIView | Where-Object { $_.Href -eq $edgeHREF }
    } catch {
        [System.Windows.Forms.MessageBox]::Show("Exception: " + $_.Exception.Message + " - Failed item:" + $_.Exception.ItemName, "Error.", 0, [System.Windows.Forms.MessageBoxIcon]::Exclamation)
        Exit
    }
    # Item to Configure Services
    $edgeView.Configuration.EdgeGatewayServiceConfiguration
    # New-Object builds a fresh, empty FirewallService, so ConfigureServices below replaces
    # whatever rules the Edge already has rather than appending to them.
    $fwService = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
    $fwService.DefaultAction    = "drop"
    $fwService.LogDefaultAction = $false
    $fwService.IsEnabled        = $true
    $fwService.FirewallRule     = @()
    Import-Csv -Path $csvFile | ForEach-Object {
        # Build each rule as its own object and append it; this no longer depends on the CSV's Num column being 0-based
        $rule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
        $rule.Description = $_.Descr
        $rule.Protocols   = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
        switch ($_.Proto) {
            "tcp"   { $rule.Protocols.Tcp = $true }
            "udp"   { $rule.Protocols.Udp = $true }
            "any"   { $rule.Protocols.Any = $true }
            default { $rule.Protocols.Any = $true }
        }
        $rule.SourceIp = $_.SrcIP
        if ($_.SrcPort -eq "any") { $srcPort = "-1" } else { $srcPort = $_.SrcPort }
        $rule.SourcePort           = $srcPort
        $rule.DestinationIp        = $_.DstIP
        $rule.DestinationPortRange = $_.DstPortRange
        $rule.Policy               = $_.Policy
        #$rule.Direction            = $_.Direction
        #$rule.MatchOnTranslate     = [System.Convert]::ToBoolean($_.MatchOnTranslate)
        $rule.IsEnabled            = [System.Convert]::ToBoolean($_.isEnabled)
        $rule.EnableLogging        = [System.Convert]::ToBoolean($_.EnableLogging)
        $fwService.FirewallRule += $rule
    }
    # configure Edge
    $edgeView.ConfigureServices($fwService)
    Thanks,
    Scott.

    Hi,
    Agree with Ed, you can publish CAS array VIP to internet, and use it to configure Federated Delegation.
    Thanks.
    Niko Cheng
    TechNet Community Support
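The poster's own diagnosis is right: New-Object produces an empty FirewallService, and ConfigureServices pushes exactly what it is given, so the existing rule set is replaced. The way to append is to start from the firewall service the Edge already has and add to its FirewallRule array. The script below is an added example, not code from the thread or from VMware; it assumes a PowerCLI session with the Cloud snap-in loaded and $edgeView and $csvFile obtained as in the script above. The property path Configuration.EdgeGatewayServiceConfiguration.NetworkService is an assumption taken from the vCloud API's EdgeGatewayServiceConfiguration element, so confirm it with Get-Member on your PowerCLI version. Rules are keyed on their description so that re-running the upload does not duplicate rules that are already on the Edge, and nothing is pushed when there is nothing new to add.

```powershell
# Added example, not from the original thread. Assumes a PowerCLI session with the Cloud snap-in
# loaded and $edgeView / $csvFile obtained as in the poster's script. The property path
# Configuration.EdgeGatewayServiceConfiguration.NetworkService is an assumption about the
# PowerCLI view model; verify it with Get-Member before relying on it.

function Get-EdgeFirewallService {
    param($EdgeView)
    $svc = @($EdgeView.Configuration.EdgeGatewayServiceConfiguration.NetworkService) |
           Where-Object { $_ -is [VMware.VimAutomation.Cloud.Views.FirewallService] } |
           Select-Object -First 1
    if (-not $svc) {
        # No firewall service on the Edge yet: start deny-by-default with logging on
        $svc = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
        $svc.DefaultAction    = 'drop'
        $svc.LogDefaultAction = $true
        $svc.IsEnabled        = $true
    }
    if ($null -eq $svc.FirewallRule) { $svc.FirewallRule = @() }
    return $svc
}

function ConvertTo-EdgeFirewallRule {
    # One Import-Csv row with the columns the poster's CSV uses:
    # Descr, Proto, SrcIP, SrcPort, DstIP, DstPortRange, Policy, isEnabled, EnableLogging
    param($Row)
    $rule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
    $rule.Description = $Row.Descr
    $rule.Protocols   = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
    switch ("$($Row.Proto)".ToLower()) {
        'tcp'   { $rule.Protocols.Tcp = $true }
        'udp'   { $rule.Protocols.Udp = $true }
        default { $rule.Protocols.Any = $true }
    }
    $rule.SourceIp             = $Row.SrcIP
    $rule.SourcePort           = if ($Row.SrcPort -eq 'any') { '-1' } else { $Row.SrcPort }
    $rule.DestinationIp        = $Row.DstIP
    $rule.DestinationPortRange = $Row.DstPortRange
    $rule.Policy               = $Row.Policy
    $rule.IsEnabled            = [System.Convert]::ToBoolean($Row.isEnabled)
    $rule.EnableLogging        = [System.Convert]::ToBoolean($Row.EnableLogging)
    return $rule
}

function Add-EdgeFirewallRules {
    param($Service, [string]$CsvPath)
    # Key on description so a re-run does not duplicate rules already present on the Edge
    $seen = @{}
    foreach ($existing in $Service.FirewallRule) { $seen[[string]$existing.Description] = $true }
    $added = 0
    foreach ($row in Import-Csv -Path $CsvPath) {
        if ($seen.ContainsKey([string]$row.Descr)) { continue }
        $Service.FirewallRule += ConvertTo-EdgeFirewallRule -Row $row
        $seen[[string]$row.Descr] = $true
        $added++
    }
    return $added
}

$fwService = Get-EdgeFirewallService -EdgeView $edgeView
$before    = $fwService.FirewallRule.Count
$added     = Add-EdgeFirewallRules -Service $fwService -CsvPath $csvFile
Write-Host ("Keeping {0} existing rule(s), appending {1} new" -f $before, $added)
# Only push a configuration when something actually changed
if ($added -gt 0) { $edgeView.ConfigureServices($fwService) }
```

Because the whole rule set is still sent in one ConfigureServices call, order is preserved: existing rules keep their positions and the new ones land after them, which matters on a first-match firewall. If your CSV descriptions are not unique, key the hashtable on a tuple of source, destination and port instead.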

  • Reconciliation Action Rule action - Assign To Administrator With Least Load

    I have a recon action rule "No Matches Found - Assign To Administrator With Least Load" and I want to know what exactly is supposed to happen. I know when the condition is met the event in the recon manager gets assigned to the admin with the least load, but is there something else that should happen? I was hoping that a task item or something would be created for the admin or a notification but from what I see the only way an admin would know about the event is by searching the recon manager. I am using OIM 9.1.
    Thanks

    I'd like to know the answer to this too. I'd like to imagine that unlinked recon events (or events where there is more than one match) would get assigned to xelsysadm and appear in the xlwebapp, but do they? And if not, how can it be done? I've tried searching the OIM docs and this forum for an answer but I can't find squat. I'm running OIM 9.101 patchset 5.
    Sorry to dig up an old post for everyone, but it would be good to see this answered for others to reference if they have the same issue.

  • Why are firewall rules changing themselves dynamically??

    I'm looking at the Active Rules window of my Firewall service on the Server Admin. It seems to be changing itself! As I sit there and watch it, I see some rules come and go. These look like
    (1s) STATE udp 127.0.0.1 661 <-> 127.0.0.1 989
    The rules appear and then disappear. How can firewall rules be dynamic like that?!? What is a "STATE" rule?
    Mike

    Niel wrote:
    Click here for information.
    (35806)
    sorry, this doesn't seem to be a link. Please re-post the URL?
    Mike

  • 'Rules' with firewall inactive

    Hi,
    I have the firewall stopped on my Tiger server. But when I run
    sudo ipfw l (lowercase L)
    I get the following rules:
    00001 allow udp from any 626 to any dst-port 626
    65535 allow ip from any to any
    Is this what others see when firewall is inactive or do I have something messed up?
    Why is port 626 altered by default? I don't run IMAP mail services.
    Thanks,
    b.

    I revisted to edit the first post but was just too late...
    Here is what I should have posted:
    Hi,
    Please could someone post the output of running the following on a 10.4.6 server without the firewall active:
    sudo ipfw l (lowercase L)
    I have the firewall stopped on my Tiger server. But when I run the above command I get the following active rules:
    00001 allow udp from any 626 to any dst-port 626
    65535 allow ip from any to any
    Is this what others see when firewall is inactive or do I have something messed up?
    In my system log at startup I see:
    May 11 09:21:34 myserver /usr/sbin/serialnumberd[257]: serialnumberd: Firewall rule #1 added to allow port 626.
    I'm having OD binding problems and since all my DNS seems fine I'm looking at other possible causes, eg. firewall.
    Thanks,
    b.

  • C2960 with RADIUS

    Hello, everyone!
    I have a problem with dynamic VLAN assignment. The setup is basically the following:
    Host - Switch - RADIUS Server
    I have no problem authenticating, messages get through without any problems.
    The thing is the switch doesn't seem to notice the additional info the RADIUS server provides, e.g. the [64] Tunnel-Type, [65] Tunnel-Medium-Type, and [81] Tunnel-Private-Group-ID.
    Here is my sw configuration and some radius configuration
    Current configuration : 1795 bytes
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Switch
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa authentication dot1x default group radius
    aaa session-id common
    system mtu routing 1500
    ip subnet-zero
    dot1x system-auth-control
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface GigabitEthernet0/2
    switchport mode access
    dot1x pae authenticator
    dot1x port-control auto
    dot1x violation-mode protect
    interface GigabitEthernet0/3
    switchport mode access
    dot1x pae authenticator
    dot1x port-control auto
    dot1x violation-mode protect
    interface Vlan1
    ip address 10.2.1.4 255.255.255.0
    no ip route-cache
    ip http server
    ip http secure-server
    radius-server host 10.2.1.2 auth-port 1812 acct-port 1813
    radius-server key testing123
    control-plane
    end
    The VLANs are:
    VLAN Name                             Status    Ports
    1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                    Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                    Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                    Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                    Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                    Gi0/21, Gi0/22, Gi0/23, Gi0/24
    2    MAN                              active
    3    GRE                              active
    4    BLU                              active
    13   GUEST                            active
    99   NATVIE                           active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    The RADIUS user is:
    userc   Cleartext-Password := "pass3"
            Service-Type = Framed-User,
            Tunnel-Medium-Type = "802",
            Tunnel-Type = "VLAN",
            Tunnel-Private-Group-Id = "GRE"
    IOS Version 12.2(44)SE6
    As you see, it's a pretty standard configuration and although the authentication itself works, the dynamic VLAN assignment doesn't.
    Any ideas on what might solve the problem?

    Thank you very much for pointing that out!   We have it working finally!
    For anyone reading and searching the net on this topic, here's what works for me:
    The FreeRADIUS server mostly runs with its default settings, apart from the things you have to change in order for MSCHAPv2 authentication to work, and this:
    eap.conf -> copy_request_to_tunnel = yes
    clients.conf -> client 10.2.1.4 {
                                                    secret = somesecret
                                                    shortname = blah_blah
                                                    nastype = cisco
    users ->         user   Cleartext-Password := "pass"
                                     Service-Type = Framed-User,
                                     Tunnel-Medium-Type = "IEEE-802",
                                     Tunnel-Type = "VLAN",
                                     Tunnel-Private-Group-Id = 2
    For the 'Tunnel-Private-Group-Id' attribute you can supply either the number of the VLAN or its NAME. It's case-sensitive, and be sure to add the VLAN manually (or via VTP) to the switch before attempting dynamic assignment. For the Tunnel-Medium-Type I use IEEE-802. Just "802" does not work, contrary to some internet articles.
    For the IOS c2960-lanbasek9-mz.122-44.SE6, I use the following info:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/sw8021x.html#wp1025133
    all the way down to 'Configuring the Host Mode'. I had to enable the VSA functions, or whatever it is, with the command radius-server vsa send authentication.
    For the IOS c2960-lanbasek9-mz.122-53.SE2 I use this:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/configuration/guide/sw8021x.html#wp1025133
    all the way down to 'Configuring the Host Mode'. I had to enable the VSA functions, or whatever it is, with the command radius-server vsa send authentication.
    Thanks again and happy networking!!

  • SA540 Firewall Rules Fail when Optional Port Configured to Failover

    Today, I configured a client's SA540 for failover.  The primary WAN port is FIOS with a static IP address.  The optional port is Road Runner cable with a static IP address.  The failover tested successfully.  However, now the SA540 cannot be accessed on its internal IP address (https://192.168.1.1) and none of the firewall rules work any longer.  There are several rules but to name two; remote desktop port forwarding to an internal server, and HTTPS to another internal server.  Both rules use IP addresses different than the SA540's WAN IP address.  Additional external IP addresses were configured previously and assigned, and they worked up to the point where the failover was configured.
    Now here is the strange part.  If the optional port cable is removed from the port, everything returns to normal, but plug it back in and problems.  I even tried disabling failover in the SA540's configuration and it made no difference unless the cable was unplugged.
    As you might imagine the client is upset about this.  Anyone have any ideas? 
    The firmware is 2.1.18.
    Tony
    PS.  About an hour after I posted this, I tried moving the remote desktop external connection from one of the additional IP addresses configured in the SA540 to the dedicated WAN address and remote desktop sessions were then forwarded into the correct server.  Apparently, the additional IP addresses are not working with the two ISP failover configured, or at least it doesn't work in my configuration.  Any help on this would be much appreciated.  The additional IP addresses are configured in the same subnet as the dedicated (primary) WAN port.   Again, this worked until failover with another ISP was configured.

    This issue has been resolved. After much testing and discussions with the great guys at Cisco TAC, we determined that Verizon FIOS is doing something on their routers to defeat use of IP aliasing. If you have FIOS and you must have more than one IP address and expect to create an IP alias to direct traffic in a 1 to 1 NAT to a node on your network, FIOS doesn’t work. Contact with Verizon technical support is no help. They are oblivious to the problem and don’t want to be bothered.
    Tony Lombardi

  • ISA 550 Firewall Rule - how to specify a domain (to resolve a DDNS)

    I want to lock down access to an ISA 550 Firewall to 4 locations.  2 of the locations have dynamic IP addresses.
    Both sites have a dynamic domain maintained at no-ip.org.
    How can I enter 'name.no-ip.org' in to a firewall rule?

    There is not a way to use a domain name in a firewall rule.  When the traffic comes in the packets are addressed with IPs, not with domain names, so when the router looks things up it compares IP addresses. 
    In fact I have never seen this done, even on an enterprise device.  I'm not saying nothing can do it, but it definitely isn't possible with the ISA. 
    Your best bet would be to try and get some static IPs for those two sites as well.
    It is however possible to setup site-to-site VPNs between these devices even if some of them are using DDNS.  This does require those other site's routers to support site-to-site tunnels.  That way those four sites would be able to access resources behind the ISA, but no one else would, and you could still keep using the DDNS for the two dynamic sites.
    Thank you for choosing Cisco,
    Christopher Ebert
    Network Support Engineer - Cisco Small Business Support Center
    *please mark/rate helpful answers*

  • How to reload firewall rules from command line on firewall ?

    Hi all,
    I am trying to create script that controls firewall on server. OS version is OS X Server 10.5.6.
    Part of the firewall rules is created using the firewall admin tools, part with the Server Admin Tools. My first question is where those rules are stored permanently? As far as I understood it should be a set of ipfw rules, but they are not stored in /etc/ipfilter/ipfw.conf.
    Idea of script is this:
    I have set of rules that should be controlled by Server Admin Tools.
    Also, I have some dynamic rules.
    Whenever some change occurs, I created script that does following:
    /sbin/ipfw -f flush - to flush all existing rules
    /sbin/serveradmin stop ipfilter - to stop existing firewall
    /sbin/serveradmin start ipfilter - to restart firewall and reload permanent rules
    Add my set of rules...
    After flushing all rules and issuing stop and start ipfilter, none of the rules set through Server Admin Tools are reloaded. So how should I reload them? How do I save them permanently in the first place?
    Please note that I do not have access to server (for security reasons). I am developing script on my Mac, sending to client and he tests it. So I cannot do a lot of testing.
    Thank you in advance.
    Best regards,
    Dusan

    Unix and Terminal queries are best posted to the Unix forum under OS X Technologies where those mavens frolic.

  • Dynamically assign value to a column in ALV LIST Display

    Hi all,
    How can I dynamically assign value to a column in ALV LIST Display without using classes and methods?
    Thanks,
    Ridhima

    Hi Vikranth,
    I am displaying one ALV list say with columns A and B.
    I have value in A but not in B. Now at runtime user selects one row, clicks on push button in application toolbar, then i have to display value in column B in the already displayed list.
    I searched and came to know it can be done with oops concept. but i am not using classes and methods.
    so how can i do this?
    Thanks,
    Ridhima.
