From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 16:13:59 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B35816A41B for ; Thu, 2 Aug 2007 16:13:59 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from mail.ciam.ru (ns.ciam.ru [213.247.195.75]) by mx1.freebsd.org (Postfix) with ESMTP id 4C73413C45E for ; Thu, 2 Aug 2007 16:13:59 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from dhcp250-210.yandex.ru ([87.250.250.210]) by mail.ciam.ru with esmtpa (Exim 4.x) id 1IGckD-000Eu3-77 for net@freebsd.org; Thu, 02 Aug 2007 19:37:45 +0400 Message-ID: <46B1FA49.8060402@FreeBSD.org> Date: Thu, 02 Aug 2007 19:37:45 +0400 From: Sergey Matveychuk User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: net@freebsd.org Content-Type: multipart/mixed; boundary="------------040809050705000004070504" Cc: Subject: ipfw does not eat its own output X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 16:13:59 -0000 This is a multi-part message in MIME format. --------------040809050705000004070504 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi. I think quite many people met a situation when you want to save current rules with 'ipfw list' command and use it as ipfw input afterwards? (Yes, you should add a 'add' word before each line). But here we meet a weird problem: 'ipfw list' outputs a wrong rule format sometime and you can't use it without a modification. The problem with 'to { ... or ... }' blocks. Let's see an example: you add the rule: ipfw add 100 allow tcp from { 10.10.10.1 or 10.10.10.2 } to { 10.10.10.3 or 10.10.10.4 or 10.10.10.5 } adn it's showed as: 00100 allow tcp from { 10.10.10.1 or 10.10.10.2 } to { 10.10.10.3 or dst-ip 10.10.10.4 or dst-ip 10.10.10.5 } dst-ip words are wrong here. if you'll try to add the rule in this format you get an error: ipfw: missing ")" I think it's a known and long standing problem. (I've found it's introduced with the commit: Revision 1.11: Mon Aug 19 04:52:15 2002 UTC (4 years, 11 months ago) by luigi ) After investigation I've found a strange assumption in show_prerequisites() function. It looks wrong. So I think we can remove it easily. It'll fix the problem. I've tried a lot of syntax variants and I can't see something wrong in output after the modification. Tell me if I wrong (with examples). The patch is bellow. -- Dixi. Sem. --------------040809050705000004070504 Content-Type: text/plain; name="ipfw2.c.diff" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="ipfw2.c.diff" LS0tIHNiaW4vaXBmdy9pcGZ3Mi5jLm9yaWcJVGh1IEF1ZyAgMiAxMzo0NDo0NSAyMDA3Cisr KyBzYmluL2lwZncvaXBmdzIuYwlUaHUgQXVnICAyIDE1OjE3OjQ0IDIwMDcKQEAgLTEzOTQs OSArMTM5NCw2IEBACiB7CiAJaWYgKGNvbW1lbnRfb25seSkKIAkJcmV0dXJuOwotCWlmICgg KCpmbGFncyAmIEhBVkVfSVApID09IEhBVkVfSVApCi0JCSpmbGFncyB8PSBIQVZFX09QVElP TlM7Ci0KIAlpZiAoICEoKmZsYWdzICYgSEFWRV9PUFRJT05TKSkgewogCQlpZiAoICEoKmZs YWdzICYgSEFWRV9QUk9UTykgJiYgKHdhbnQgJiBIQVZFX1BST1RPKSkKIAkJCWlmICggKCpm bGFncyAmIEhBVkVfUFJPVE80KSkK --------------040809050705000004070504--