Thread: dbedit and inserting rules




dbedit and inserting rules
United Kingdom
2007-08-29 02:35:38
Hi,

I've been adding rules using dbedit, something like the following:-

addelement fw_policies ##Edge rule security_rule
addelement fw_policies ##Edge rule:2:action accept_action:accept
modify fw_policies ##Edge rule:2:comments "Test rule"
addelement fw_policies ##Edge rule:2:services:'' services:ssh
addelement fw_policies ##Edge rule:2:src:'' network_objects:external-network
addelement fw_policies ##Edge rule:2:dst:'' network_objects:host-01
rmelement fw_policies ##Edge rule:2:track: tracks:None
addelement fw_policies ##Edge rule:2:track: tracks:Log

This creates a security rule, unless rule 2 already exists, in which case it modifies rule 2.

Is there any way of 'inserting' a rule between two existing rules?

Also, is there a good reference anywhere on dbedit? I've managed to find what bits I know about by cobbling them together from various websites.

Andy.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Re: dbedit and inserting rules
United Kingdom
2007-09-07 06:14:49
On Wed, Aug 29, 2007 at 08:35:38AM +0100, Andy Smith wrote:
[snip]
> Is there any way of 'inserting' a rule between two existing rules?

Yah, the policy editor :> However, I can't see it in dbedit.
Actually if you're feeling brave, stop the management server, rm the appropriate .W (or move it if you're feeling paranoid), backup rulebases_5_0.fws, and then edit that file in your favourite text editor. (then restart the mgmt station/cma).

Evil, and a really good way to deeply confuse things, but mostly all that'll happen is that it won't restart... Of course no guarantees here, this is about as far away from being supported as you can get.

> Also, is there a good reference anywhere on dbedit? I've managed to find
> what bits I know about by cobbling them together from various websites.

Likewise. dbedit is for crufty hacks rather than anything serious. As far as checkpoint is concerned, if they could put a sign saying "Here be Dragons"[1] on it, I suspect they would.

		Smaff

[1] Well, SmartDragons perhaps :> Gotta love those marketroids...
-- 
You happen to be here, now.
