Date: Tue, 9 Mar 2010 15:36:15 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-ipfw@FreeBSD.ORG Subject: Small problem with "ipfw list" Message-ID: <201003091436.o29EaFQi048887@lurza.secnetix.de>
next in thread | raw e-mail | index | archive | help
Hi,
Just a question: Is the output from "ipfw list" supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
# ipfw list 100
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
# ipfw add 200 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
ipfw: hostname ``dst-ip'' unknown
So it inserts the word "dst-ip" in the output when an "or"
block is used, but that word isn't accepted as input.
I think the output from "ipfw list" should be valid rule
format that could be fed back as input to ipfw(8).
In fact that's exactly what I need to do in a script that
I've written recently, and the "dst-ip" problem bit me.
I had to work around it with sed(1).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
"Python is an experiment in how much freedom programmers need.
Too much freedom and nobody can read another's code; too little
and expressiveness is endangered."
-- Guido van Rossum
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003091436.o29EaFQi048887>