Date: Tue, 27 Jan 1998 21:35:40 -0800 From: John Polstra <jdp@polstra.com> To: archie@whistle.com Cc: hackers@FreeBSD.ORG Subject: Re: ipfw patch Message-ID: <199801280535.VAA29425@austin.polstra.com> In-Reply-To: <199801280028.QAA18434@bubba.whistle.com> References: <199801280028.QAA18434@bubba.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <199801280028.QAA18434@bubba.whistle.com>, Archie Cobbs <archie@whistle.com> wrote: > > A good idea.. more traditional though would just be to add a flag > to ipfw itself, like "-n" or something. > > -Archie > > alexlh@xs4all.nl writes: > > I use ipfw a lot. It's really nice. > > > > One thing bothered me though; sometimes there would be a typo in the rules > > file, causing ipfw not to finish adding all the rules. This has been a > > problem, as most of our servers are located behind a large, locked door > > and I usually do things to them over the network. > > > > I've patched ipfw so that it's now possible to let it process a ruleset > > without actually adding the rules to the kernel. It now checks to see if > > the executable is actually named 'ipfw' before the setsockopt() call. > > Create a symlink named (for example) testipw pointing to the ipfw > > executable, and all will be fine. I agree with Archie. It's best to avoid adding programs that change their behavior based on the name used to invoke them. John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Self-knowledge is always bad news." -- John Barth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801280535.VAA29425>