From owner-freebsd-hackers  Tue Jan 27 11:50:03 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA22798
          for hackers-outgoing; Tue, 27 Jan 1998 11:50:03 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from smtp1.xs4all.nl (smtp1.xs4all.nl [194.109.6.51])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22748
          for <freebsd-hackers@freebsd.org>; Tue, 27 Jan 1998 11:49:43 -0800 (PST)
          (envelope-from alexlh@xs4all.nl)
Received: from xs1.xs4all.nl (alexlh@xs1.xs4all.nl [194.109.6.42]) by smtp1.xs4all.nl (8.8.6/XS4ALL) with ESMTP id UAA28942 for <freebsd-hackers@freebsd.org>; Tue, 27 Jan 1998 20:49:40 +0100 (MET)
From: alexlh@xs4all.nl
Received: from localhost (alexlh@localhost)
	by xs1.xs4all.nl (8.8.6/8.8.6) with SMTP id UAA29754
	for <freebsd-hackers@freebsd.org>; Tue, 27 Jan 1998 20:49:38 +0100 (MET)
Date: Tue, 27 Jan 1998 20:36:13 +0100 (MET)
To: freebsd-hacker@FreeBSD.ORG
Subject: ipfw patch
Message-ID: <Pine.SUN.3.93.980127202806.10230K-100000@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

Hi,

I use ipfw a lot. It's really nice.

One thing bothered me though; sometimes there would be a typo in the rules
file, causing ipfw not to finish adding all the rules. This has been a
problem, as most of our servers are located behind a large, locked door
and I usually do things to them over the network.

I've patched ipfw so that it's now possible to let it process a ruleset
without actually adding the rules to the kernel. It now checks to see if
the executable is actually named 'ipfw' before the setsockopt() call.
Create a symlink named (for example) testipw pointing to the ipfw
executable, and all will be fine.

Alex Le Heux

----------------- CUT HERE -------------------
*** ipfw.c      Wed Mar  5 13:30:08 1997
--- ipfw.c.new  Tue Jan 27 20:37:36 1998
***************
*** 799,807 ****
  
        if (!do_quiet)
                show_ipfw(&rule);
!       i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
!       if (i)
!               err(1,"setsockopt(IP_FW_ADD)");
  }
  
  void
--- 799,809 ----
  
        if (!do_quiet)
                show_ipfw(&rule);
!       if (strcmp(progname, "ipfw") == 0) {
!               i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof
rule);
!               if (i)
!                err(1,"setsockopt(IP_FW_ADD)");
!       }
  }
  
  void