Date: Thu, 9 Aug 2018 19:01:35 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: rgrimes@freebsd.org Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r337536 - head/sbin/ipfw Message-ID: <d166200c-a72a-ff29-4c79-63e71cc3c261@yandex.ru> In-Reply-To: <201808091548.w79Fm8Ed018168@pdx.rh.CN85.dnsmgr.net> References: <201808091548.w79Fm8Ed018168@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--N69pLIyczzLTbSCZeYfQq2Uz5E9zmW55O
Content-Type: multipart/mixed; boundary="UJWIzXMrMDONHFGFBhkb5em8cEPA5Dl6b";
protected-headers="v1"
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: rgrimes@freebsd.org
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
svn-src-head@freebsd.org
Message-ID: <d166200c-a72a-ff29-4c79-63e71cc3c261@yandex.ru>
Subject: Re: svn commit: r337536 - head/sbin/ipfw
References: <201808091548.w79Fm8Ed018168@pdx.rh.CN85.dnsmgr.net>
In-Reply-To: <201808091548.w79Fm8Ed018168@pdx.rh.CN85.dnsmgr.net>
--UJWIzXMrMDONHFGFBhkb5em8cEPA5Dl6b
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
On 09.08.2018 18:48, Rodney W. Grimes wrote:
>>> This now means -q has 2 functions, silence most commands,
>>> and silently ignore errors on delete.
>>>
>>> That is a poor implementation of syntax and options.
>>
>> I think it makes "delete" command to have the same behavior as describ=
ed
>> for commands in "-q" description:
>=20
> Which is yet another bug in your commit, you did not update the
> synopsis or the description of the -q flag to include your
> change. Though oddly the synopsis does show delete -q, it
> how ever does not show -q for any of the table commands.
>=20
>>
>> -q Be quiet when executing the add, nat, zero, resetlog or flush
>> commands; (implies -f).
> No mention of what it does on delete, does -q on delete imply -f?
>=20
>> This is useful when updating rulesets by
>> executing multiple ipfw commands in a script (e.g.,
>> ?sh?/etc/rc.firewall?), or by processing a file with many ipfw
>> rules across a remote login session. It also stops a table add
>> or delete from failing if the entry already exists or is not
>> present.
>=20
> That suggesting that -q is good for remote login session is
> poor advice at best, you should redirect both standard and
> error output to a file, depending on -q is just a loaded
> gun waiting to go off.
>=20
>>
>> table add/delete commands had the same behavior, "nat" already noted i=
n
>> this list. What is the usage scenario do you use, where you need to fa=
il
>> on bad delete?
>=20
> if [ ipfw delete ${1} ]; then
> handle the missing rule
> fi
This is mostly unneeded operation, that we wanted to avoid.
I.e. to be able run in bath mode:
delete ${n}
add ${n} ...
> But more importantly you seem to be ignoring the aspect that
> your overloading a "silent" option with a "ignore failure"
> option. That is bad design. The description of the -q flag
> is already 2x as long as it should be in a good design.
I have a feeling you are watching each my commit and comment it :)
I did not designed this behavior, at work we use another tool to work
with rules and tables. I'm fine with reverting this change. Do you want
to restore previous behavior?
AFAIR, julian@ complains that ipfw(8) has some error states that should
be removed.
--=20
WBR, Andrey V. Elsukov
--UJWIzXMrMDONHFGFBhkb5em8cEPA5Dl6b--
--N69pLIyczzLTbSCZeYfQq2Uz5E9zmW55O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAltsZV8ACgkQAcXqBBDI
oXrR+wf+LF3YioMLJfoFxsxnopo1/8AG5QMiKtSAHO+zj/t0Kj0gKcIrFWtYcoNL
QVqjYXTqGVmipGFFqK0julCyynvlKRw2LalbkFGxxbVGF4iH7sv1dt+IDTuVABB5
nbvj0CzrV86RMz7tTOxbheLlsK85oNSU6TDngztpKnApYRRO4ROi3BqkMZDxQ0xg
bquRWp/cTAu6w+t0EY0nRiK7gW6iG9HpvYnGbS7MxMcccXNDarsCLfqaPKNC0Ycq
AXLZsYOAFRaBLBlTpAVcETQghwMyrWk3oPhQ8aYL3edKNxOkExzb3N/tJZBoO0t+
1oHLLcK0IMUyagw0mTNtyShwZ5EMqA==
=JjSe
-----END PGP SIGNATURE-----
--N69pLIyczzLTbSCZeYfQq2Uz5E9zmW55O--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d166200c-a72a-ff29-4c79-63e71cc3c261>