Date:      Thu, 26 Feb 2009 22:41:20 -0700
From:      Brett Glass <brett@lariat.net>
To:        net@freebsd.org
Subject:   Recommended additions to ipfw command: increment and verbosity limit
Message-ID:  <200902270541.WAA01313@lariat.net>

Everyone:

Reviewing the latest man page for ipfw(8), I see that the only way 
to change the automatic increment for rules is still to set a 
sysctl variable (net.inet.ip.fw.autoinc_step). This was once also 
the case for "one pass" behavior (net.inet.ip.fw.one_pass) as well 
as verbose logging, debugging messages, and the global enable bit 
for the entire firewall. However various "ipfw enable" and "ipfw 
disable" subcommands were added over time to eliminate the need to 
set arcane sysctl variables.

The only two commonly used parameters that are still not settable 
from the ipfw(8) command seem to be autoinc_step and verbose_limit. 
(autoinc_step has to be in the range 1..1000, while verbose_limit 
seems to be able to take any unsigned integer value.)

I'd like to recommend that subcommands be added to set them, not 
only for the sake of consistency but to make it unnecessary to 
circumvent the ipfw command to configure one's firewall. The sysctl 
variables could remain to provide backward compatibility and to 
satisfy the Principle of Least Astonishment. Comments? Should I 
submit code? (Anyone qualified to be a committer should be able to 
make the changes by copying and editing a few lines, but...)

--Brett Glass
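As an added example (not part of Brett Glass's message and not FreeBSD's own ipfw code), the following POSIX shell fragment shows the two sysctl-only parameters the message names being validated against the ranges it states (autoinc_step 1..1000, verbose_limit any unsigned integer) before they are applied, alongside the existing `ipfw enable verbose` subcommand. The sysctl names and the subcommand come from the message and ipfw(8); the function names (`check_autoinc_step`, `check_verbose_limit`, `ipfw_tuning_cmds`, `apply_ipfw_tuning`) are this example's own. On a host without the `net.inet.ip.fw` sysctl tree the commands are printed as a dry run rather than executed.

```shell
#!/bin/sh
# Added example, not from the original message: validate the two ipfw
# parameters that are still sysctl-only, then emit (or apply) the
# corresponding sysctl invocations. Ranges follow the message:
# autoinc_step must be 1..1000, verbose_limit any unsigned integer.

# is_uint VALUE -> status 0 if VALUE is a non-negative decimal integer
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_autoinc_step VALUE -> status 0 if VALUE is within 1..1000
check_autoinc_step() {
    is_uint "$1" || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 1000 ]
}

# check_verbose_limit VALUE -> status 0 if VALUE is an unsigned integer
check_verbose_limit() {
    is_uint "$1"
}

# ipfw_tuning_cmds STEP LIMIT -> prints the commands that set both
# parameters and turn on verbose logging; prints nothing and returns 1
# if either value is out of range, so nothing half-applied reaches sysctl.
ipfw_tuning_cmds() {
    step=$1
    limit=$2
    check_autoinc_step "$step" || {
        echo "autoinc_step must be 1..1000, got: $step" >&2
        return 1
    }
    check_verbose_limit "$limit" || {
        echo "verbose_limit must be an unsigned integer, got: $limit" >&2
        return 1
    }
    printf 'sysctl net.inet.ip.fw.autoinc_step=%s\n' "$step"
    printf 'sysctl net.inet.ip.fw.verbose_limit=%s\n' "$limit"
    # Verbose logging already has an ipfw(8) subcommand, so use it rather
    # than the net.inet.ip.fw.verbose sysctl.
    printf 'ipfw enable verbose\n'
}

# apply_ipfw_tuning STEP LIMIT -> runs the commands when this host exposes
# the ipfw sysctl tree (FreeBSD with ipfw loaded); otherwise prints them.
apply_ipfw_tuning() {
    cmds=$(ipfw_tuning_cmds "$1" "$2") || return 1
    if sysctl -n net.inet.ip.fw.autoinc_step >/dev/null 2>&1; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '# dry run (no net.inet.ip.fw sysctl tree on this host):\n%s\n' "$cmds"
    fi
}

# Example invocation: a rule step of 100 and at most 5 log lines per rule.
apply_ipfw_tuning 100 5
```

The range check matters because an out-of-range autoinc_step is rejected by the kernel, and a typo in verbose_limit would silently change how many log lines a rule may emit before it goes quiet; failing before the first sysctl call keeps the two settings from being applied inconsistently.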
