Date: Sun, 14 May 2000 13:40:44 -0600 (MDT)
From: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/18550: ipfw list|show too verbose (+FIX)
Message-ID: <200005141940.e4EJeim48039@orthanc.ab.ca>
>Number: 18550
>Category: bin
>Synopsis: ipfw list|show always shows dynamic rules (+FIX)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun May 14 12:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Lyndon Nerenberg
>Release: FreeBSD 4.0-STABLE i386
>Organization:
The Frobozz Magic Homing Pigeon Company
>Environment:
Any ipfw configuration using dynamic rules (keep-state).
>Description:
If you use dynamic firewall rules (via keep-state), when listing rules
you always see the dynamic rules. There should be an option to suppress
printing of those rules.
Also, when issuing 'ipfw list|show <rulenumber>' you also see all the
dynamic rules. This seems to violate POLA: if I'm asking for one
rule, I really only want to see that rule, and not all the dynamic
rules.
>How-To-Repeat:
>Fix:
The attached patch adds a -d flag that suppresses printing of
dynamic rules. It also modifies the behaviour of the list and
show subcommands to not display the dynamic rules if the subcommand
specifies a rule number.
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# ipfw.diff
#
echo x - ipfw.diff
sed 's/^X//' >ipfw.diff << 'END-of-ipfw.diff'
X--- ipfw.c 2000/05/11 23:02:35 1.1
X+++ ipfw.c 2000/05/11 23:19:43
X@@ -69,6 +69,7 @@
X int do_force=0; /* Don't ask for confirmation */
X int do_pipe=0; /* this cmd refers to a pipe */
X int do_sort=0; /* field to sort results (0=no) */
X+int do_dynamic=1; /* display dynamic rules */
X
X struct icmpcode {
X int code;
X@@ -656,6 +657,7 @@
X warnx("invalid rule number: %s", *(av - 1));
X continue;
X }
X+ do_dynamic = 0;
X for (seen = n = 0; n < num; n++) {
X struct ip_fw *const r = &rules[n];
X
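Review bot: the added do_dynamic = 0; sits after the invalid-rule-number check, so an argument that fails the check takes the continue and never clears the flag; if no argument passes the check, do_dynamic keeps its default of 1 and the dynamic-rule block guarded in the next hunk still prints. Clear the flag before the argument is validated, so every list/show invocation that names a rule number behaves the same. The assignment also overwrites the file-scope option variable as a side effect of listing; a local copy would leave the parsed option value intact.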
X@@ -679,7 +681,7 @@
X /*
X * show dynamic rules
X */
X- if (num * sizeof (rules[0]) != nbytes ) {
X+ if (do_dynamic && num * sizeof (rules[0]) != nbytes ) {
X struct ipfw_dyn_rule *d =
X (struct ipfw_dyn_rule *)&rules[num] ;
X struct in_addr a ;
X@@ -1791,13 +1793,16 @@
X do_force = !isatty(STDIN_FILENO);
X
X optind = optreset = 1;
X- while ((ch = getopt(ac, av, "s:afqtN")) != -1)
X+ while ((ch = getopt(ac, av, "s:adfqtN")) != -1)
X switch(ch) {
X case 's': /* sort */
X do_sort= atoi(optarg);
X break;
X case 'a':
X do_acct=1;
X+ break;
X+ case 'd':
X+ do_dynamic=0;
X break;
X case 'f':
X do_force=1;
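Review bot: case 'd' can only set do_dynamic to 0, and the rule-number path in the earlier hunk forces it to 0 as well, so a user who lists specific rules has no way to ask for the dynamic rules alongside them. Give the option an explicit sense in both directions, or add a second flag, so the dynamic state can still be inspected together with a numbered rule.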
X--- ipfw.8 2000/05/11 23:27:51 1.1
X+++ ipfw.8 2000/05/11 23:28:08
X@@ -31,7 +31,7 @@
X .Op Ar number ...
X .Nm ipfw
X .Op Fl s Op Ar field
X-.Op Fl aftN
X+.Op Fl adftN
X .Es \&{ \&}
X .En Cm list | show
X .Op Ar number ...
X@@ -146,6 +146,8 @@
X See also the
X .Cm show
X command.
X+.It Fl d
X+While listing, do not print the dynamic rules.
X .It Fl f
X Don't ask for confirmation for commands that can cause problems
X if misused,
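Review bot: the new .It Fl d entry documents only the flag; the other behaviour change in this patch, that list and show stop printing dynamic rules once a rule number is given, appears nowhere in the ipfw.8 hunks. Add a sentence to this entry or to the list/show description, since someone reading the output for keep-state entries would otherwise conclude there are none.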
END-of-ipfw.diff
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
