Date: Fri, 27 Oct 2000 00:16:20 -0400
From: "Patrick Bihan-Faou" <patrick@mindstep.com>
To: "Greg Skafte" <skafte@worldgate.ca>
Cc: <freebsd-ipfw@freebsd.org>
Subject: Re: could this be a sysctl?
Message-ID: <0fc801c03fcc$a8db3370$040aa8c0@local.mindstep.com>
References: <39F8CA7B.F409457@worldgate.ca>
From: "Greg Skafte" <skafte@worldgate.ca>
> I was contemplating could the rule autoincrement number be changed to
> a sysctl? ..... instead of using shell script math, or having to edit
> ip_fw.c to change the default from 100 to something else.
>
> in my firewall scripts it would be nice to just do a
>
> sysctl -w net.inet.ip.fw.countincrement = number
>
> to change the increment value from the 100 default ....

There are about 3 PRs with patches that implement just that...

Here is a patch over a recent (yesterday) RELENG_4 source if you can't wait.

Patrick.

------=_NextPart_000_0FC5_01C03FAB.21A7DAA0 Content-Type: application/octet-stream; name="ip_fw.c.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="ip_fw.c.patch" --- ip_fw.c.orig=0A= +++ ip_fw.c=0A= @@ -79,6 +79,8 @@=0A= static int fw_verbose_limit =3D 0;=0A= #endif=0A= =0A= +static int fw_auto_increment =3D 100;=0A= +=0A= static u_int64_t counter; /* counter for ipfw_report(NULL...) */=0A= struct ipfw_flow_id last_pkt ;=0A= =0A= @@ -102,6 +104,8 @@=0A= &fw_verbose, 0, "Log matches to ipfw rules");=0A= SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, =0A= &fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules = logged");=0A= +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW, =0A= + &fw_auto_increment, 0, "Set the increment value for unnumbered = rules");=0A= =0A= #if STATEFUL=0A= /*=0A= @@ -1458,7 +1462,7 @@=0A= return(0);=0A= }=0A= =0A= - /* If entry number is 0, find highest numbered rule and add 100 */=0A= + /* If entry number is 0, find highest numbered rule and add = fw_auto_increment */=0A= if (ftmp->fw_number =3D=3D 0) {=0A= for (fcp =3D LIST_FIRST(chainptr); fcp; fcp =3D LIST_NEXT(fcp, = chain)) {=0A= if (fcp->rule->fw_number !=3D (u_short)-1)=0A=
@@ -1466,8 +1470,8 @@=0A= else=0A= break;=0A= }=0A= - if (nbr < IPFW_DEFAULT_RULE - 100)=0A= - nbr +=3D 100;=0A= + if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)=0A= + nbr +=3D fw_auto_increment;=0A= ftmp->fw_number =3D frwl->fw_number =3D nbr;=0A= }=0A= =0A= ------=_NextPart_000_0FC5_01C03FAB.21A7DAA0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
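Review bot: the SYSCTL_INT added in the @@ -102,6 +104,8 @@ hunk registers auto_increment as CTLFLAG_RW with no range check, so fw_auto_increment can be written as 0, as a negative number, or as a value larger than the rule-number space. A SYSCTL_PROC handler that rejects anything outside 1 to IPFW_DEFAULT_RULE - 1 would keep the later arithmetic on nbr well defined. The description string could also mention the default of 100.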
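Review bot: in the @@ -1466,8 +1470,8 @@ hunk the guard "nbr < IPFW_DEFAULT_RULE - fw_auto_increment" only behaves like the old code when the increment is positive. With 0 the unnumbered rule is given the same number as the current highest rule, and with a negative value "nbr += fw_auto_increment" moves the number down, so the rule is placed ahead of rules it was meant to follow and the firewall's first match can change. Suggest testing fw_auto_increment > 0 at this point (falling back to 100 otherwise) unless the sysctl itself validates the value.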