# ipfw command to add or delete IP rule



## lrdro (Nov 27, 2013)

Hello,

Thank you for existing and making my life easier. I need your help, please.

I need to create a putty function to work like this.

A command in putty: `ipfw addip [IP]`. This will add in /etc/rules.ipfw the following line:

```
$IPF 460 allow all from [IP] to any 22 in
```

A command in putty: `ipfw removeip [IP]`. This will search in /etc/rules.ipfw for the line with specific [IP] and it will remove it.
Example line:

```
$IPF 460 allow all from [IP] to any 22 in
```

Thank you.


----------



## usdmatt (Nov 27, 2013)

I'm not sure how the putty functions work so I can't help you out there. The main problem I see is that obviously the ipfw command doesn't have addip/removeip functions that will create the rules you want, so you would have to write a script to do it, then run that script from PuTTY. That script would have to be capable of adding lines to /etc/rules.ipfw, searching and removing them, and, I expect, reloading the ruleset.

Alternatively, assuming you are actually using ipfw, you could add a rule similar to the following permanently to your ruleset (I haven't double checked the exact syntax of this or tested it):

```
allow all from "table(1)" to any dst-port 22
```

Then you just need to run the following from PuTTY to add/remove entries dynamically from the table:

```
# ipfw table 1 add myip (myip can be a.b.c.d or a.b.c.d/cidr)

# ipfw table 1 delete myip
or
# ipfw table 1 flush (delete all entries as a table can contain multiple addresses)
```

As these are simple 'one-shot' commands it should make what you are trying to do much easier than trying to edit the ruleset.


----------



## lrdro (Nov 27, 2013)

Hello,

I have clients that do not know how to use PuTTY and edit a single file, so the single command `addip $IP` or `removeip $IP` will be perfect. I have tried as you said but it's not working properly.


----------
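As an added example (not code from either poster), here is a wrapper that provides the single `addip IP` / `removeip IP` commands asked for, built on the `table(1)` rule suggested above. It assumes table 1 and a script installed as `addip` with `removeip` symlinked to it; the function and variable names are hypothetical. Because it runs as root on input typed by clients, it accepts only a strict IPv4 address or CIDR before calling ipfw.

```shell
#!/bin/sh
# Added example: addip/removeip on top of "ipfw table 1 add|delete".
# Assumed: table number 1, ipfw at /sbin/ipfw; IPFW, TABLE and function names are hypothetical.
IPFW="${IPFW:-/sbin/ipfw}"
TABLE="${TABLE:-1}"

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case "$1" in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    # Digits and dots only: spaces, quotes and shell metacharacters never reach ipfw.
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are refused: some parsers read 010 as octal (8).
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# table_cmd add|delete ADDRESS: validate first, then run ipfw with fixed arguments.
table_cmd() {
    case "$1" in add|delete) ;; *) echo "usage: add|delete IP[/prefix]" >&2; return 2 ;; esac
    if ! valid_ipv4 "$2"; then
        echo "rejected: '$2' is not an IPv4 address or CIDR" >&2
        return 1
    fi
    "$IPFW" table "$TABLE" "$1" "$2"
}

# Dispatch on the name the script was invoked as (addip, or a removeip symlink).
case "${0##*/}" in
    addip)    table_cmd add "${1:-}" ;;
    removeip) table_cmd delete "${1:-}" ;;
esac
```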

