From owner-freebsd-hackers  Tue Jan 27 16:29:21 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA23398
          for hackers-outgoing; Tue, 27 Jan 1998 16:29:21 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA23359
          for <freebsd-hackers@freebsd.org>; Tue, 27 Jan 1998 16:29:11 -0800 (PST)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id QAA03738; Tue, 27 Jan 1998 16:28:40 -0800 (PST)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma003736; Tue Jan 27 16:28:13 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id QAA18434; Tue, 27 Jan 1998 16:28:12 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199801280028.QAA18434@bubba.whistle.com>
Subject: Re: ipfw patch
In-Reply-To: <Pine.SUN.3.93.980127202806.10230K-100000@xs1.xs4all.nl> from "alexlh@xs4all.nl" at "Jan 27, 98 08:36:13 pm"
To: alexlh@xs4all.nl
Date: Tue, 27 Jan 1998 16:28:12 -0800 (PST)
Cc: freebsd-hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk


A good idea.. more traditional though would just be to add a flag
to ipfw itself, like "-n" or something.

-Archie

alexlh@xs4all.nl writes:
> I use ipfw a lot. It's really nice.
> 
> One thing bothered me though; sometimes there would be a typo in the rules
> file, causing ipfw not to finish adding all the rules. This has been a
> problem, as most of our servers are located behind a large, locked door
> and I usually do things to them over the network.
> 
> I've patched ipfw so that it's now possible to let it process a ruleset
> without actually adding the rules to the kernel. It now checks to see if
> the executable is actually named 'ipfw' before the setsockopt() call.
> Create a symlink named (for example) testipw pointing to the ipfw
> executable, and all will be fine.
> 
> Alex Le Heux
> 
> ----------------- CUT HERE -------------------
> *** ipfw.c      Wed Mar  5 13:30:08 1997
> --- ipfw.c.new  Tue Jan 27 20:37:36 1998
> ***************
> *** 799,807 ****
>   
>         if (!do_quiet)
>                 show_ipfw(&rule);
> !       i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
> !       if (i)
> !               err(1,"setsockopt(IP_FW_ADD)");
>   }
>   
>   void
> --- 799,809 ----
>   
>         if (!do_quiet)
>                 show_ipfw(&rule);
> !       if (strcmp(progname, "ipfw") == 0) {
> !               i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof
> rule);
> !               if (i)
> !                err(1,"setsockopt(IP_FW_ADD)");
> !       }
>   }
>   
>   void
> 
> 
> 
> 

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com