From owner-freebsd-ipfw Thu Oct 26 21:16:24 2000
Message-ID: <0fc801c03fcc$a8db3370$040aa8c0@local.mindstep.com>
From: "Patrick Bihan-Faou"
To: "Greg Skafte"
References: <39F8CA7B.F409457@worldgate.ca>
Subject: Re: could this be a sysctl?
Date: Fri, 27 Oct 2000 00:16:20 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0FC5_01C03FAB.21A7DAA0"
Sender: owner-freebsd-ipfw@FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_0FC5_01C03FAB.21A7DAA0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

From: "Greg Skafte"
> I was contemplating could the rule autoincrement number be changed to
> a sysctl? ..... instead of using shell script math, or having to edit
> ip_fw.c to change the default from 100 to something else.
>
> in my firewall scripts it would be nice to just do a
>
> sysctl -w net.inet.ip.fw.countincrement = number
>
> to change the increment value from the 100 default ....

There are about 3 PR's with patches that implement just that...

Here is a patch over a recent (yesterday) RELENG_4 source if you can't wait.

Patrick.

------=_NextPart_000_0FC5_01C03FAB.21A7DAA0
Content-Type: application/octet-stream; name="ip_fw.c.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="ip_fw.c.patch"

--- ip_fw.c.orig=0A= +++ ip_fw.c=0A= @@ -79,6 +79,8 @@=0A= static int fw_verbose_limit =3D 0;=0A= #endif=0A= =0A= +static int fw_auto_increment =3D 100;=0A= +=0A= static u_int64_t counter; /* counter for ipfw_report(NULL...) */=0A= struct ipfw_flow_id last_pkt ;=0A= =0A= @@ -102,6 +104,8 @@=0A= &fw_verbose, 0, "Log matches to ipfw rules");=0A= SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, =0A= &fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules = logged");=0A= +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW, =0A= + &fw_auto_increment, 0, "Set the increment value for unnumbered = rules");=0A= =0A= #if STATEFUL=0A= /*=0A= @@ -1458,7 +1462,7 @@=0A= return(0);=0A= }=0A= =0A= - /* If entry number is 0, find highest numbered rule and add 100 */=0A= + /* If entry number is 0, find highest numbered rule and add = fw_auto_increment */=0A= if (ftmp->fw_number =3D=3D 0) {=0A= for (fcp =3D LIST_FIRST(chainptr); fcp; fcp =3D LIST_NEXT(fcp, = chain)) {=0A= if (fcp->rule->fw_number !=3D (u_short)-1)=0A= 
@@ -1466,8 +1470,8 @@=0A= else=0A= break;=0A= }=0A= - if (nbr < IPFW_DEFAULT_RULE - 100)=0A= - nbr +=3D 100;=0A= + if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)=0A= + nbr +=3D fw_auto_increment;=0A= ftmp->fw_number =3D frwl->fw_number =3D nbr;=0A= }=0A= =0A=
------=_NextPart_000_0FC5_01C03FAB.21A7DAA0--
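
Review bot: The auto_increment SYSCTL_INT added in the @@ -102,6 +104,8 @@ hunk exports fw_auto_increment as a CTLFLAG_RW signed int with no range check, so a write of 0, a negative value, or a value at or above IPFW_DEFAULT_RULE is accepted and later used as-is when unnumbered rules are numbered. Consider a SYSCTL_PROC handler that rejects anything outside 1 .. IPFW_DEFAULT_RULE - 1 with EINVAL, or at minimum an unsigned variable plus a clamp at the point of use. The patch touches only ip_fw.c, so the new net.inet.ip.fw.auto_increment knob also needs to be documented wherever the fixed increment of 100 is described today.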
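
Review bot: In the @@ -1466,8 +1470,8 @@ hunk, the test "if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)" trusts whatever was last written to the sysctl. With 0 the test passes but "nbr += fw_auto_increment" changes nothing, so an unnumbered rule receives the same number as the highest existing rule; with a value at or above IPFW_DEFAULT_RULE the right-hand side is zero or negative and the increment is skipped silently; with a negative value the bound exceeds IPFW_DEFAULT_RULE and the addition moves the number downward (or wraps, if nbr is a narrow unsigned type; its declaration is outside the hunk). Copy fw_auto_increment into a local once, validate it, and use that local for both the comparison and the addition, so the two reads cannot see different values if the sysctl is written in between.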