Date: Fri, 27 Oct 2000 00:16:20 -0400 From: "Patrick Bihan-Faou" <patrick@mindstep.com> To: "Greg Skafte" <skafte@worldgate.ca> Cc: <freebsd-ipfw@freebsd.org> Subject: Re: could this be a sysctl? Message-ID: <0fc801c03fcc$a8db3370$040aa8c0@local.mindstep.com> References: <39F8CA7B.F409457@worldgate.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0FC5_01C03FAB.21A7DAA0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
From: "Greg Skafte" <skafte@worldgate.ca>
> I was contemplating could the rule autoincrement number be changed to
> a sysctl? ..... instead of using shell script math, or having to edit
> ip_fw.c to change the default from 100 to somethingelse.
>
> in my firewall scripts it would be nice to just do a
>
> sysctl -w net.inet.ip.fw.countincrement = number
>
> to change the increment value from the 100 default ....
There are about 3 PR's with patches that implement just that...
Here is a patch over a recent (yesterday) RELENG_4 source if you can't wait.
Patrick.
------=_NextPart_000_0FC5_01C03FAB.21A7DAA0
Content-Type: application/octet-stream;
name="ip_fw.c.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="ip_fw.c.patch"
--- ip_fw.c.orig=0A=
+++ ip_fw.c=0A=
@@ -79,6 +79,8 @@=0A=
static int fw_verbose_limit =3D 0;=0A=
#endif=0A=
=0A=
+static int fw_auto_increment =3D 100;=0A=
+=0A=
static u_int64_t counter; /* counter for ipfw_report(NULL...) */=0A=
struct ipfw_flow_id last_pkt ;=0A=
=0A=
@@ -102,6 +104,8 @@=0A=
&fw_verbose, 0, "Log matches to ipfw rules");=0A=
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, =0A=
&fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules =
logged");=0A=
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW, =0A=
+ &fw_auto_increment, 0, "Set the increment value for unnumbered =
rules");=0A=
=0A=
#if STATEFUL=0A=
/*=0A=
@@ -1458,7 +1462,7 @@=0A=
return(0);=0A=
}=0A=
=0A=
- /* If entry number is 0, find highest numbered rule and add 100 */=0A=
+ /* If entry number is 0, find highest numbered rule and add =
fw_auto_increment */=0A=
if (ftmp->fw_number =3D=3D 0) {=0A=
for (fcp =3D LIST_FIRST(chainptr); fcp; fcp =3D LIST_NEXT(fcp, =
chain)) {=0A=
if (fcp->rule->fw_number !=3D (u_short)-1)=0A=
@@ -1466,8 +1470,8 @@=0A=
else=0A=
break;=0A=
}=0A=
- if (nbr < IPFW_DEFAULT_RULE - 100)=0A=
- nbr +=3D 100;=0A=
+ if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)=0A=
+ nbr +=3D fw_auto_increment;=0A=
ftmp->fw_number =3D frwl->fw_number =3D nbr;=0A=
}=0A=
=0A=
------=_NextPart_000_0FC5_01C03FAB.21A7DAA0--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0fc801c03fcc$a8db3370$040aa8c0>