Date: Sat, 20 Dec 2003 12:44:02 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: bzeeb+freebsd@zabbadoz.net Subject: bin/60433: ipfw: permit use of flush w/ preprocessor Message-ID: <20031220124402.CF655153ED@mail.int.zabbadoz.net> Resent-Message-ID: <200312202040.hBKKeMqM066134@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 60433
>Category: bin
>Synopsis: ipfw: permit use of flush w/ preprocessor
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 20 12:40:21 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Bjoern A. Zeeb
>Release: FreeBSD 5.2-CURRENT i386
>Organization:
Zabbadoz.NeT
>Environment:
FreeBSD crisco.sbone.de 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Mon Dec 8 17:21:44 UTC 2003 bz@noc.int.zabbadoz.net:/export/src/src/obj/export/src/src/HEAD/compile-crisco-20031208-1530/sys/ZAB1-2003120101-CF i386
>Description:
when using a preprocessor for adding ipfw rules
and the preprocessor output includes a flush
command thw user will always be asked for confirmation
(I also got asked at boot time) which is not practical.
Further -f (don't ask for confirmation) didn't
work with -p up to now.
>How-To-Repeat:
# echo "flush" >> /tmp/ipfw-rules.m4
# ipfw -f -p /usr/bin/m4 /tmp/ipfw-rules.m4
ipfw: illegal option -- f
ipfw: bad arguments, for usage summary ``ipfw''
# ipfw -p /usr/bin/m4 /tmp/ipfw-rules.m4
command is /usr/bin/m4
Are you sure? [yn] y
Flushed all rules.
>Fix:
this patch updates ipfw binary and manpage to also
support -f with -p.
--- src/sbin/ipfw/ipfw2.c.orig Fri Dec 12 18:01:31 2003
+++ src/sbin/ipfw/ipfw2.c Fri Dec 12 19:22:50 2003
@@ -63,6 +63,7 @@
do_dynamic, /* display dynamic rules */
do_expired, /* display expired dynamic rules */
do_compact, /* show rules in compact mode */
+ do_force, /* Don't ask for confirmation */
show_sets, /* display rule sets */
test_only, /* only check syntax */
comment_only, /* only print action and comment */
@@ -3593,7 +3594,6 @@
int ch, ac, save_ac;
char **av, **save_av;
int do_acct = 0; /* Show packet/byte count */
- int do_force = 0; /* Don't ask for confirmation */
#define WHITESP " \t\f\v\n\r"
if (oldac == 0)
@@ -3678,7 +3678,9 @@
}
/* Set the force flag for non-interactive processes */
- do_force = !isatty(STDIN_FILENO);
+ if (!do_force) {
+ do_force = !isatty(STDIN_FILENO);
+ }
/* Save arguments for final freeing of memory. */
save_ac = ac;
@@ -3840,10 +3842,14 @@
filename = av[ac-1];
- while ((c = getopt(ac, av, "cNnp:qS")) != -1) {
+ while ((c = getopt(ac, av, "cfNnp:qS")) != -1) {
switch(c) {
case 'c':
do_compact = 1;
+ break;
+
+ case 'f':
+ do_force = 1;
break;
case 'N':
--- src/sbin/ipfw/ipfw.8.orig Fri Dec 12 19:23:03 2003
+++ src/sbin/ipfw/ipfw.8 Fri Dec 12 19:24:21 2003
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD: src/sbin/ipfw/ipfw.8,v 1.135 2003/12/12 16:14:28 luigi Exp $
.\"
-.Dd December 1, 2003
+.Dd December 12, 2003
.Dt IPFW 8
.Os
.Sh NAME
@@ -54,7 +54,7 @@
.Op Ar number ...
.Pp
.Nm
-.Op Fl cnNqS
+.Op Fl cfnNqS
.Oo
.Fl p Ar preproc
.Oo
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031220124402.CF655153ED>