diff options
author | luigi <luigi@FreeBSD.org> | 2003-12-12 16:14:28 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2003-12-12 16:14:28 +0000 |
commit | d2a6451a37922152b78305f66308dedace8bb5ba (patch) | |
tree | 69276ef42f7e8f89c4d951b9aa0bec244e5d638f | |
parent | c4ec3e17f9723070066fdafd1e78ef5c06528ff9 (diff) | |
download | FreeBSD-src-d2a6451a37922152b78305f66308dedace8bb5ba.zip FreeBSD-src-d2a6451a37922152b78305f66308dedace8bb5ba.tar.gz |
Add a -b flag to /sbin/ipfw to print only action and comment for each
rule, thus omitting the entire body.
This makes the output a lot more readable for complex rulesets
(provided, of course, you have annotated your ruleset appropriately!)
MFC after: 3 days
-rw-r--r-- | sbin/ipfw/ipfw.8 | 4 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.c | 22 |
2 files changed, 24 insertions, 2 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 7d64d65..cc60303 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -205,6 +205,10 @@ While listing, show counter values. The .Cm show command just implies this option. +.It Fl b +Only show the action and the comment, not the body of a rule. +Implies +.Fl c . .It Fl c When entering or showing rules, print them in compact form, i.e. without the optional "ip from any to any" string diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 7597ebd..6a151e7 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -65,6 +65,7 @@ int do_compact, /* show rules in compact mode */ show_sets, /* display rule sets */ test_only, /* only check syntax */ + comment_only, /* only print action and comment */ verbose; #define IP_MASK_ALL 0xffffffff @@ -850,6 +851,8 @@ print_icmptypes(ipfw_insn_u32 *cmd) static void show_prerequisites(int *flags, int want, int cmd) { + if (comment_only) + return; if ( (*flags & HAVE_IP) == HAVE_IP) *flags |= HAVE_OPTIONS; @@ -1030,11 +1033,21 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) flags |= HAVE_IP | HAVE_OPTIONS; } + if (comment_only) + comment = "..."; + for (l = rule->act_ofs, cmd = rule->cmd ; l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) { /* useful alias */ ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd; + if (comment_only) { + if (cmd->opcode != O_NOP) + continue; + printf(" // %s\n", (char *)(cmd + 1)); + return; + } + show_prerequisites(&flags, 0, cmd->opcode); switch(cmd->opcode) { @@ -1840,7 +1853,7 @@ help(void) { fprintf(stderr, "ipfw syntax summary (but please do read the ipfw(8) manpage):\n" -"ipfw [-acdeftTnNpqS] <command> where <command> is one of:\n" +"ipfw [-abcdefhnNqStTv] <command> where <command> is one of:\n" "add [num] [set N] [prob x] RULE-BODY\n" "{pipe|queue} N config PIPE-BODY\n" "[pipe|queue] {zero|delete|show} [N{,N}]\n" @@ -3672,12 +3685,17 @@ ipfw_main(int oldac, char **oldav) save_av = av; optind = optreset = 0; - while ((ch = getopt(ac, av, "acdefhnNqs:STtv")) != -1) + while ((ch = getopt(ac, av, "abcdefhnNqs:STtv")) != -1) switch (ch) { case 'a': do_acct = 1; break; + case 'b': + comment_only = 1; + do_compact = 1; + break; + case 'c': do_compact = 1; break; |