Date: Wed, 3 May 2000 06:57:39 -0400 (EDT)
From: Omachonu Ogali <oogali@intranova.net>
To: Darcy Buskermolen <darcy@ok-connect.com>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw and rule strangeness
Message-ID: <Pine.BSF.4.10.10005030640250.8491-100000@hydrant.intranova.net>
In-Reply-To: <3.0.32.20000501190519.01ed3ea0@mail.ok-connect.com>
On Mon, 1 May 2000, Darcy Buskermolen wrote:

> I have a program that I use to dynamically create and destroy ipfw rules,
> however I just noticed something rather frustrating...
>
> # ipfw add deny ip from hacker.host to server.host
> 00000 deny ip from hacker.host to server.host

00000 is the number shown since you specified no rule number and it isn't
assigned until after the rule is set.

> # ipfw show 00000
> ipfw: rule 0 does not exist
>
> Looks like the rule number that is being echoed back is not the same number
> it applied to the rule.
> (my workaround has been to grep for deny ip from hacker.host to server.host
> and grab that rule number, but that seems like a bad way of doing it)
>
> My question, is this the expected behavior, or is it not, and while I'm on
> the subject is there a way to change the default increment from 100 to
> something smaller?
>
> \\DB

Here's a patch.

-- snip --
--- sys/netinet/ip_fw.c.orig Wed May 3 06:42:28 2000 +++ sys/netinet/ip_fw.c Wed May 3 06:46:29 2000 @@ -176,6 +176,10 @@ &dyn_rst_lifetime, 0, "Lifetime of dyn. rules for other situations"); #endif /* STATEFUL */ +static u_int32_t rule_increment = 100; +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, rule_increment, CTLFLAG_RW, + &rule_increment, 0, "Value to increment non-numbered ipfw rules by"); + #endif #define dprintf(a) do { \ @@ -1440,7 +1444,7 @@ return(0); } - /* If entry number is 0, find highest numbered rule and add 100 */ + /* If entry number is 0, find highest numbered rule and add rule_increment */ if (ftmp->fw_number == 0) { for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) { if (fcp->rule->fw_number != (u_short)-1)
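Review bot: the new sysctl in the first hunk has no input validation. rule_increment is CTLFLAG_RW and backed directly by the variable, so root can write 0 (every un-numbered add then lands on the same number as the current highest rule), a negative value, or anything above IPFW_DEFAULT_RULE, and the add path in the second hunk does not re-check it. Export it through a SYSCTL_PROC handler that rejects values outside 1 .. IPFW_DEFAULT_RULE - 1, or clamp at the point of use. Two smaller points: the variable is declared u_int32_t but exported with SYSCTL_INT, which takes an int pointer; declare it int (the useful range is tiny) so the types agree. And a new net.inet.ip.fw knob needs a line in ipfw(8) next to the other sysctls.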
@@ -1448,8 +1452,8 @@ else break; } - if (nbr < IPFW_DEFAULT_RULE - 100) - nbr += 100; + if (nbr < IPFW_DEFAULT_RULE - rule_increment) + nbr += rule_increment; ftmp->fw_number = nbr; }
-- snip --

>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
>

-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID: 0xBFE60839                                                  |
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34        |
+-------------------------------------------------------------------------+
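Review bot: the guard in the second hunk does not survive a bad increment. With rule_increment a u_int32_t, IPFW_DEFAULT_RULE - rule_increment is evaluated unsigned, so an increment larger than IPFW_DEFAULT_RULE wraps the right-hand side to a huge value, the comparison succeeds, and nbr += rule_increment is silently truncated when stored into fw_number (the (u_short)-1 cast in the first hunk shows the field width). Add a check before the comparison, e.g. if (rule_increment == 0 || rule_increment >= IPFW_DEFAULT_RULE) return(EINVAL); or validate in the sysctl handler. Separately, when the guard fails the rule keeps nbr, i.e. the number of the current highest rule, with no error; that was already true with the hard-coded 100, but a tunable increment makes it reachable much sooner, so return an error or at least log it instead of reusing the number. Note that neither hunk changes what ipfw(8) prints for an un-numbered add: the number is still chosen here, in the kernel, after the rule is handed in, so the 00000 in the report remains.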
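The workaround in the quoted message (grepping ipfw output for the rule just added) goes away if the client picks the rule number before the add, so it never has to be recovered from the 00000 that ipfw echoes. The following is an added example, not code from this thread or from FreeBSD: a POSIX sh helper that parses "ipfw list" output, allocates highest + increment the way the kernel does (ignoring the default rule 65535 and refusing increments or results outside 1..65534), and adds a deny rule with an explicit number so it can later be deleted by number. The increment of 10, the function names and the ipfw invocations in block_host are assumptions; the sample input in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): choose the ipfw rule number
# client-side instead of parsing the number ipfw echoes back.

# next_free_rule INCREMENT  < "ipfw list" output
# Prints highest existing rule number + INCREMENT.  The default rule 65535
# is never counted, and the function fails (exit 1) when INCREMENT is not
# in 1..65534 or the result would not fit below the default rule.
next_free_rule() {
    inc=${1:-100}   # 100 mirrors the kernel's built-in increment
    awk -v inc="$inc" '
        BEGIN { max = 0 }
        { n = $1 + 0 }                  # "00100 allow ip ..." -> 100
        n >= 65535 { next }             # default deny rule, never count it
        n > max    { max = n }
        END {
            if (inc < 1 || inc >= 65535) {
                print "next_free_rule: bad increment " inc > "/dev/stderr"
                exit 1
            }
            next_nr = max + inc
            if (next_nr >= 65535) {
                print "next_free_rule: rule space exhausted" > "/dev/stderr"
                exit 1
            }
            print next_nr
        }'
}

# block_host SRC DST
# Adds "deny ip from SRC to DST" under an explicitly chosen number and prints
# that number, so the caller can later run "ipfw delete $nr" without grepping.
# Assumes a live ipfw(8); increment 10 is an arbitrary choice for this example.
block_host() {
    nr=$(ipfw list | next_free_rule 10) || return 1
    ipfw add "$nr" deny ip from "$1" to "$2" >/dev/null || return 1
    echo "$nr"
}
```

block_host is only as atomic as the two ipfw calls around it; if several processes add rules concurrently, serialize them (for example with a lock file) or the same number can be chosen twice.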