From owner-freebsd-bugs Sun May 14 12:50:10 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 7D75037B6FE for ; Sun, 14 May 2000 12:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id MAA54410; Sun, 14 May 2000 12:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from orthanc.ab.ca (orthanc.ab.ca [207.167.3.130]) by hub.freebsd.org (Postfix) with ESMTP id 162AA37B6F8 for ; Sun, 14 May 2000 12:40:46 -0700 (PDT) (envelope-from lyndon@orthanc.ab.ca)
Received: (from lyndon@localhost) by orthanc.ab.ca (8.10.0.Beta11/8.10.0.Beta6) id e4EJeim48039; Sun, 14 May 2000 13:40:44 -0600 (MDT)
Message-Id: <200005141940.e4EJeim48039@orthanc.ab.ca>
Date: Sun, 14 May 2000 13:40:44 -0600 (MDT)
From: Lyndon Nerenberg
Reply-To: lyndon@orthanc.ab.ca
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/18550: ipfw list|show too verbose (+FIX)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 18550
>Category: bin
>Synopsis: ipfw list|show always shows dynamic rules (+FIX)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun May 14 12:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Lyndon Nerenberg
>Release: FreeBSD 4.0-STABLE i386
>Organization:
The Frobozz Magic Homing Pigeon Company
>Environment:
Any ipfw configuration using dynamic rules (keep-state).
>Description:
If you use dynamic firewall rules (via keep-state), when listing rules you always see the dynamic rules. There should be an option to suppress printing of those rules.

Also, when issuing 'ipfw list|show ' you also see all the dynamic rules. This seems to violate POLA: if I'm asking for one rule, I really only want to see that rule, and not all the dynamic rules.
>How-To-Repeat:
>Fix:
The attached patch adds a -d flag that suppresses printing of dynamic rules. It also modifies the behaviour of the list and show subcommands to not display the dynamic rules if the subcommand specifies a rule number.

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
# # This archive contains: # # ipfw.diff # echo x - ipfw.diff sed 's/^X//' >ipfw.diff << 'END-of-ipfw.diff' X--- ipfw.c 2000/05/11 23:02:35 1.1 X+++ ipfw.c 2000/05/11 23:19:43 X@@ -69,6 +69,7 @@ X int do_force=0; /* Don't ask for confirmation */ X int do_pipe=0; /* this cmd refers to a pipe */ X int do_sort=0; /* field to sort results (0=no) */ X+int do_dynamic=1; /* display dynamic rules */ X X struct icmpcode { X int code; X@@ -656,6 +657,7 @@ X warnx("invalid rule number: %s", *(av - 1)); X continue; X } X+ do_dynamic = 0; X for (seen = n = 0; n < num; n++) { X struct ip_fw *const r = &rules[n]; X X@@ -679,7 +681,7 @@ X /* X * show dynamic rules X */ X- if (num * sizeof (rules[0]) != nbytes ) { X+ if (do_dynamic && num * sizeof (rules[0]) != nbytes ) { X struct ipfw_dyn_rule *d = X (struct ipfw_dyn_rule *)&rules[num] ; X struct in_addr a ; X@@ -1791,13 +1793,16 @@ X do_force = !isatty(STDIN_FILENO); X X optind = optreset = 1; X- while ((ch = getopt(ac, av, "s:afqtN")) != -1) X+ while ((ch = getopt(ac, av, "s:adfqtN")) != -1) X switch(ch) { X case 's': /* sort */ X do_sort= atoi(optarg); X break; X case 'a': X do_acct=1; X+ break; X+ case 'd': X+ do_dynamic=0; X break; X case 'f': X do_force=1; X--- ipfw.8 2000/05/11 23:27:51 1.1 X+++ ipfw.8 2000/05/11 23:28:08 X@@ -31,7 +31,7 @@ X .Op Ar number ... X .Nm ipfw X .Op Fl s Op Ar field X-.Op Fl aftN X+.Op Fl adftN X .Es \&{ \&} X .En Cm list | show X .Op Ar number ... X@@ -146,6 +146,8 @@ X See also the X .Cm show X command. X+.It Fl d X+While listing, do not print the dynamic rules. X .It Fl f X Don't ask for confirmation for commands that can cause problems X if misused, END-of-ipfw.diff exit >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
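Review bot: in the ipfw.c hunk at @@ -656,6 +657,7 @@, `do_dynamic = 0;` is placed after the `continue` of the invalid-rule-number branch, so it is re-executed for every rule number that parses and never reached for one that does not. If every number given is invalid the flag stays at 1, which makes the suppression depend on argument validity rather than on rule numbers having been given at all. Set it once before the loop over the arguments, and consider a local variable there instead of overwriting the global that also records the user's -d choice.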
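Review bot: in the getopt hunk at @@ -1791,13 +1793,16 @@, `case 'd':` clears `do_dynamic` whatever subcommand follows, while the only place the patch reads the flag is the dynamic-rule block changed at @@ -679,7 +681,7 @@. As posted, -d is silently accepted with commands where it has no effect; either say in the documentation that it is ignored outside list and show, or warn when it is combined with another command. None of the ipfw.c hunks touches a usage string, so if the program prints its option letters in a usage message, that message needs the new flag as well.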
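Review bot: the ipfw.8 text added at @@ -146,6 +146,8 @@ documents only the explicit flag; the implicit change made at @@ -656,6 +657,7 @@ in ipfw.c, where giving a rule number to list or show also turns off dynamic-rule output, is not described in either man page hunk. Add a sentence to the `.It Fl d` entry or to the list/show description covering that case. It is also worth stating that the patch only changes what is printed: dynamic rules hidden by -d or by a rule-number argument are still installed, so such a listing is not the complete set of state the firewall is enforcing.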