Date: Tue, 27 Jan 1998 16:28:12 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: alexlh@xs4all.nl Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: ipfw patch Message-ID: <199801280028.QAA18434@bubba.whistle.com> In-Reply-To: <Pine.SUN.3.93.980127202806.10230K-100000@xs1.xs4all.nl> from "alexlh@xs4all.nl" at "Jan 27, 98 08:36:13 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
A good idea.. more traditional though would just be to add a flag
to ipfw itself, like "-n" or something.
-Archie
alexlh@xs4all.nl writes:
> I use ipfw a lot. It's really nice.
>
> One thing bothered me though; sometimes there would be a typo in the rules
> file, causing ipfw not to finish adding all the rules. This has been a
> problem, as most of our servers are located behind a large, locked door
> and I usually do things to them over the network.
>
> I've patched ipfw so that it's now possible to let it process a ruleset
> without actually adding the rules to the kernel. It now checks to see if
> the executable is actually named 'ipfw' before the setsockopt() call.
> Create a symlink named (for example) testipw pointing to the ipfw
> executable, and all will be fine.
>
> Alex Le Heux
>
> ----------------- CUT HERE -------------------
> *** ipfw.c Wed Mar 5 13:30:08 1997
> --- ipfw.c.new Tue Jan 27 20:37:36 1998
> ***************
> *** 799,807 ****
>
> if (!do_quiet)
> show_ipfw(&rule);
> ! i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
> ! if (i)
> ! err(1,"setsockopt(IP_FW_ADD)");
> }
>
> void
> --- 799,809 ----
>
> if (!do_quiet)
> show_ipfw(&rule);
> ! if (strcmp(progname, "ipfw") == 0) {
> ! i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof
> rule);
> ! if (i)
> ! err(1,"setsockopt(IP_FW_ADD)");
> ! }
> }
>
> void
>
>
>
>
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801280028.QAA18434>