Date:      Tue, 9 Mar 2010 17:46:11 +0100
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        Oliver Fromme <olli@lurza.secnetix.de>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Small problem with "ipfw list"
Message-ID:  <20100309164611.GB53491@onelab2.iet.unipi.it>
In-Reply-To: <201003091436.o29EaFQi048887@lurza.secnetix.de>
References:  <201003091436.o29EaFQi048887@lurza.secnetix.de>

On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
> Hi,
> 
> Just a question:  Is the output from "ipfw list" supposed
> to be in the same rule format that is accepted as input?

it is not, partly due to backward compatibility.
If you try "ipfw -c show" then you might have better luck though.

cheers
luigi

> If that's the case, then there is a small bug:
> 
> # ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
> 00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
> # ipfw list 100
> 00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
> # ipfw add 200 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
> ipfw: hostname ``dst-ip'' unknown
> 
> So it inserts the word "dst-ip" in the output when an "or"
> block is used, but that word isn't accepted as input.
> 
> I think the output from "ipfw list" should be valid rule
> format that could be fed back as input to ipfw(8).
> 
> In fact that's exactly what I need to do in a script that
> I've written recently, and the "dst-ip" problem bit me.
> I had to work around it with sed(1).
> 
> Best regards
>    Oliver
> 
> -- 
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
> Commercial register: Registergericht Muenchen, HRA 74606, Management:
> secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
> München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
> 
> FreeBSD services, products and more:  http://www.secnetix.de/bsd
> 
> "Python is an experiment in how much freedom programmers need.
> Too much freedom and nobody can read another's code; too little
> and expressiveness is endangered."
>         -- Guido van Rossum

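Added example, not part of the original thread and not code from either poster: a filter of the kind the quoted message describes working around with sed(1), which removes the "dst-ip" keyword that the listing inserts after "or" in an address block so a saved ruleset can be reloaded. Handling "src-ip" on the "from" side and accepting bare or single-quoted braces are assumptions; the function names and all sample rules except rule 100 are constructed.

```sh
#!/bin/sh
# Make "ipfw list" output re-loadable: drop the "dst-ip" keyword that the
# listing inserts after "or" inside an address or-block.
# Assumptions (not from the thread): "src-ip" appears the same way on the
# "from" side, and braces may be printed bare or single-quoted.

# ERE: an or-block directly after from/to whose later member carries the
# keyword. Blocks elsewhere in the rule (option position) are left alone.
ADDR_BLOCK_RE="( (from|to) '?\{'?[^}]*or )(src|dst)-ip "

# Filter: stdin = rule listing, stdout = rules without the extra keyword.
# The loop repeats until every member of every address block is cleaned.
normalize_ipfw_rules() {
    sed -E -e ':again' -e "s/${ADDR_BLOCK_RE}/\1/" -e 't again'
}

# Count listed rules that would be rejected if fed back unchanged.
# grep -c exits 1 when the count is 0, hence the "|| true".
count_unloadable() {
    grep -E -c -- "${ADDR_BLOCK_RE}" || true
}

# Constructed sample listing; rule 100 is the line quoted in the thread.
sample_listing() {
    cat <<'EOF'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
00200 allow ip from { 10.0.0.1 or src-ip 10.0.0.2 or src-ip 10.0.0.3 } to any
00300 deny ip from any to any dst-ip 192.0.2.1
65535 deny ip from any to any
EOF
}

# Demo: show how many rules need fixing, then the cleaned listing.
echo "rules needing fix-up: $(sample_listing | count_unloadable)"
sample_listing | normalize_ipfw_rules
```

Rule 300 keeps its "dst-ip" because there the keyword is a rule option outside any address block, which is the case a blanket sed substitution would break.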

