Date: Thu, 27 Jul 2000 12:06:24 -0500 From: Stephen Montgomery-Smith <stephen@math.missouri.edu> To: Neil Blakey-Milner <nbm@mithrandr.moria.org> Cc: sheldonh@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/20198: log setup of dynamic rules for ipfw Message-ID: <39806C10.4E38370C@math.missouri.edu> References: <200007271132.EAA88124@freefall.freebsd.org> <398053F2.DF9E3C5C@math.missouri.edu> <20000727172843.A48935@mithrandr.moria.org> <3980577F.BEC37786@math.missouri.edu> <20000727175112.A49474@mithrandr.moria.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
OK, how about this:
Neil Blakey-Milner wrote:
>
> On Thu 2000-07-27 (10:38), Stephen Montgomery-Smith wrote:
> > > > add pass log logamount 10 from any to any 22 keep-state
> > >
> > > What about:
> > >
> > > add pass log logamount 10 from any to any 22 setup keep-state
> > >
> >
> > That doesn't seem to work for me.
>
> Then that is the problem. No need to add new semantics when the above
> is the obvious way it should function. If you can determine why it
> doesn't work, then that's the fix.
>
[-- Attachment #2 --]
--- /sys/netinet/ip_fw.c Sat Jul 15 19:25:45 2000
+++ sys/netinet/ip_fw.c Thu Jul 27 11:47:19 2000
@@ -1215,8 +1215,18 @@
f->timestamp = time_second;
/* Log to console if desired */
+#if STATEFUL
+ if ((f->fw_flg & IP_FW_F_PRN) &&
+ /* Don't log for dynamic rules with keep state */
+ !((f->fw_flg & IP_FW_F_KEEP_S) && q != NULL) &&
+ fw_verbose) {
+ ipfw_report(f, ip, rif, oif);
+ }
+
+#else
if ((f->fw_flg & IP_FW_F_PRN) && fw_verbose)
ipfw_report(f, ip, rif, oif);
+#endif
/* Take appropriate action */
switch (f->fw_flg & IP_FW_F_COMMAND) {
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39806C10.4E38370C>