Date: Tue, 9 Jul 2002 22:13:47 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Dan Pelleg <daniel+bsd@pelleg.org> Cc: ipfw@freebsd.org Subject: Re: ipfw2 patches for -stable available Message-ID: <20020709221347.A91104@iguana.icir.org> In-Reply-To: <u2sy9ckpbo1.fsf@gs166.sp.cs.cmu.edu>; from daniel%2Bbsd@pelleg.org on Tue, Jul 09, 2002 at 10:19:26PM -0400 References: <20020709023203.A83270@iguana.icir.org> <u2sy9ckpbo1.fsf@gs166.sp.cs.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Dan,
thanks for the report:
> I've only used it briefly. For now it looks ok, with the following observations:
>
> 1) the "icmptype" option doesn't seem to be supported
the manpage lists "icmptypes" (plural) as the option keyword,
though it is true that the previous code allowed abbreviations
(but those could be ambiguous). I am not sure whether or
not it is the case to fix it -- for sure i can add "icmptype"
as an alias for "icmptypes"
> 2) my "limit" rules are silently converted to "limit all"
thanks, that was in fact only a bug in the code to print out the
rule, the mask is correctly stored. Fixed.
> 3) I'm getting lots of "/kernel: install_state: entry already present,
> done" (related to (2)?).
this one i cannot reproduce, do you have a small ruleset and
input example to send me so i can try and reproduce the problem ?
> 4) there's an extra space after "log" in the "ipfw show" output
fixed, thanks.
Diffs for bugs #1,2,4 are below.
cheers
luigi
Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.3
diff -u -r1.3 ipfw2.c
--- ipfw2.c 8 Jul 2002 19:49:52 -0000 1.3
+++ ipfw2.c 10 Jul 2002 05:12:12 -0000
@@ -315,6 +315,7 @@
{ "tcpseq", TOK_TCPSEQ },
{ "tcpack", TOK_TCPACK },
{ "tcpwin", TOK_TCPWIN },
+ { "icmptype", TOK_ICMPTYPES },
{ "icmptypes", TOK_ICMPTYPES },
{ "not", TOK_NOT }, /* pseudo option */
@@ -850,9 +851,9 @@
}
if (logptr) {
if (logptr->max_log > 0)
- printf(" log logamount %d ", logptr->max_log);
+ printf(" log logamount %d", logptr->max_log);
else
- printf(" log ");
+ printf(" log");
}
/*
* then print the body
@@ -1066,7 +1067,7 @@
printf(" limit");
for ( ; p->x != 0 ; p++)
- if (x & p->x) {
+ if ((x & p->x) == p->x) {
x &= ~p->x;
printf("%s%s", comma, p->s);
comma = ",";
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020709221347.A91104>