From owner-freebsd-hackers  Tue Jan 27 21:35:52 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA21568
          for hackers-outgoing; Tue, 27 Jan 1998 21:35:52 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from austin.polstra.com (austin.polstra.com [206.213.73.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA21559
          for <hackers@freebsd.org>; Tue, 27 Jan 1998 21:35:46 -0800 (PST)
          (envelope-from jdp@austin.polstra.com)
Received: from austin.polstra.com (jdp@localhost)
	by austin.polstra.com (8.8.8/8.8.8) with ESMTP id VAA29425;
	Tue, 27 Jan 1998 21:35:40 -0800 (PST)
	(envelope-from jdp)
Message-Id: <199801280535.VAA29425@austin.polstra.com>
To: archie@whistle.com
Subject: Re: ipfw patch
In-Reply-To: <199801280028.QAA18434@bubba.whistle.com>
References: <199801280028.QAA18434@bubba.whistle.com>
Organization: Polstra & Co., Seattle, WA
Cc: hackers@FreeBSD.ORG
Date: Tue, 27 Jan 1998 21:35:40 -0800
From: John Polstra <jdp@polstra.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

In article <199801280028.QAA18434@bubba.whistle.com>,
Archie Cobbs  <archie@whistle.com> wrote:
> 
> A good idea.. more traditional though would just be to add a flag
> to ipfw itself, like "-n" or something.
> 
> -Archie
> 
> alexlh@xs4all.nl writes:
> > I use ipfw a lot. It's really nice.
> > 
> > One thing bothered me though; sometimes there would be a typo in the rules
> > file, causing ipfw not to finish adding all the rules. This has been a
> > problem, as most of our servers are located behind a large, locked door
> > and I usually do things to them over the network.
> > 
> > I've patched ipfw so that it's now possible to let it process a ruleset
> > without actually adding the rules to the kernel. It now checks to see if
> > the executable is actually named 'ipfw' before the setsockopt() call.
> > Create a symlink named (for example) testipw pointing to the ipfw
> > executable, and all will be fine.

I agree with Archie.  It's best to avoid adding programs that change
their behavior based on the name used to invoke them.

John
--
   John Polstra                                       jdp@polstra.com
   John D. Polstra & Co., Inc.                Seattle, Washington USA
   "Self-knowledge is always bad news."                 -- John Barth