Date: Tue, 27 Jan 1998 20:36:13 +0100 (MET) From: alexlh@xs4all.nl To: freebsd-hacker@FreeBSD.ORG Subject: ipfw patch Message-ID: <Pine.SUN.3.93.980127202806.10230K-100000@xs1.xs4all.nl>
next in thread | raw e-mail | index | archive | help
Hi,
I use ipfw a lot. It's really nice.
One thing bothered me though; sometimes there would be a typo in the rules
file, causing ipfw not to finish adding all the rules. This has been a
problem, as most of our servers are located behind a large, locked door
and I usually do things to them over the network.
I've patched ipfw so that it's now possible to let it process a ruleset
without actually adding the rules to the kernel. It now checks to see if
the executable is actually named 'ipfw' before the setsockopt() call.
Create a symlink named (for example) testipw pointing to the ipfw
executable, and all will be fine.
Alex Le Heux
----------------- CUT HERE -------------------
*** ipfw.c Wed Mar 5 13:30:08 1997
--- ipfw.c.new Tue Jan 27 20:37:36 1998
***************
*** 799,807 ****
if (!do_quiet)
show_ipfw(&rule);
! i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
! if (i)
! err(1,"setsockopt(IP_FW_ADD)");
}
void
--- 799,809 ----
if (!do_quiet)
show_ipfw(&rule);
! if (strcmp(progname, "ipfw") == 0) {
! i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof
rule);
! if (i)
! err(1,"setsockopt(IP_FW_ADD)");
! }
}
void
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.93.980127202806.10230K-100000>