Date: Fri, 27 Oct 2000 00:16:20 -0400 From: "Patrick Bihan-Faou" <patrick@mindstep.com> To: "Greg Skafte" <skafte@worldgate.ca> Cc: <freebsd-ipfw@freebsd.org> Subject: Re: could this be a sysctl? Message-ID: <0fc801c03fcc$a8db3370$040aa8c0@local.mindstep.com> References: <39F8CA7B.F409457@worldgate.ca>
[-- Attachment #1 --]
From: "Greg Skafte" <skafte@worldgate.ca>
> I was contemplating could the rule autoincrement number be changed to
> a sysctl? ..... instead of using shell script math, or having to edit
> ip_fw.c to change the default from 100 to somethingelse.
>
> in my firewall scripts it would be nice to just do a
>
> sysctl -w net.inet.ip.fw.countincrement = number
>
> to change the increment value from the 100 default ....
There are about 3 PRs with patches that implement just that...
Here is a patch over a recent (yesterday) RELENG_4 source if you can't wait.
Patrick.
[-- Attachment #2 --]
--- ip_fw.c.orig
+++ ip_fw.c
@@ -79,6 +79,8 @@
static int fw_verbose_limit = 0;
#endif
+static int fw_auto_increment = 100;
+
static u_int64_t counter; /* counter for ipfw_report(NULL...) */
struct ipfw_flow_id last_pkt ;
@@ -102,6 +104,8 @@
&fw_verbose, 0, "Log matches to ipfw rules");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,
&fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW,
+ &fw_auto_increment, 0, "Set the increment value for unnumbered rules");
#if STATEFUL
/*
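Review bot: The new `auto_increment` sysctl is a plain `SYSCTL_INT` with `CTLFLAG_RW`, so any int can be written into `fw_auto_increment`, including zero and negative values, and nothing in the patch range-checks it. The last hunk then uses it unchecked in `nbr < IPFW_DEFAULT_RULE - fw_auto_increment` and `nbr += fw_auto_increment`. A zero, or a value larger than `IPFW_DEFAULT_RULE`, gives the new rule the same number as the current highest rule; a negative value makes the test true for every `nbr` and moves the number downwards, so an unnumbered rule can end up numbered below rules it was meant to follow (the declaration of `nbr` is outside the hunks, so the exact truncation on assignment to `fw_number` is not visible here). Because rule order decides what the firewall passes, the value should be bounded before use, for example `if (fw_auto_increment < 1) fw_auto_increment = 1;` ahead of the comparison together with a sane upper bound, or a `SYSCTL_PROC` handler that rejects out-of-range writes.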
@@ -1458,7 +1462,7 @@
return(0);
}
- /* If entry number is 0, find highest numbered rule and add 100 */
+ /* If entry number is 0, find highest numbered rule and add fw_auto_increment */
if (ftmp->fw_number == 0) {
for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {
if (fcp->rule->fw_number != (u_short)-1)
@@ -1466,8 +1470,8 @@
else
break;
}
- if (nbr < IPFW_DEFAULT_RULE - 100)
- nbr += 100;
+ if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)
+ nbr += fw_auto_increment;
ftmp->fw_number = frwl->fw_number = nbr;
}
