Date:      Wed, 10 May 2006 07:16:34 +0900
From:      Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To:        matteo@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject:   Re: conf/96247: [patch] 550.ipfwlimit reports logs even if log size is not limited.
Message-ID:  <20060510071634T.turutani@polymer3.scphys.kyoto-u.ac.jp>
In-Reply-To: <200605091709.k49H9kbw054210@freefall.freebsd.org>
References:  <200605091709.k49H9kbw054210@freefall.freebsd.org>

> This is not a bug: if net.inet.ip.fw.verbose_limit=0 but rules
> specify a limit, this limit has the priority since it's a specific
> setting that overrides a general one.

I still think this is a bug.
When the "log" keyword is set without "logamount" for each rule,
a limit for this rule should not be set.
A value of 0 in "logamount" or net.inet.ip.fw.verbose_limit has
a special meaning of "no limit", as I think. Is this wrong?
But my previous patch was wrong. Here is a new patch:

--- etc/periodic/security/550.ipfwlimit.orig   Mon Apr 24 13:27:37 2006
+++ etc/periodic/security/550.ipfwlimit	Wed May 10 07:00:10 2006
@@ -54,7 +54,7 @@
            if ($2 > $7)
                {print $0}
        } else {
-           if ($2 > limit)
+           if (limit != 0 && $2 > limit)
                {print $0}}
        }' > ${TMP}
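
Review bot: the `if ($2 > $7)` branch in the context lines above the change has no zero guard, although the message says a "logamount" of 0 carries the same "no limit" meaning as net.inet.ip.fw.verbose_limit=0. If a rule's explicit logamount can show up as 0 in `$7`, that branch would still print the rule as soon as one packet is counted, so either guard it the same way (`if ($7 != 0 && $2 > $7)`) or state in the commit message why `$7` can never be 0 here. The hunk also does not show how `limit` is assigned; it is worth confirming that an unset or empty value compares as 0 in awk so the new `limit != 0` test behaves as intended, and adding a one-line comment that 0 means unlimited would make the condition self-explanatory in a security periodic script that people read when triaging reports.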


