diff options
author | luigi <luigi@FreeBSD.org> | 2002-07-13 15:57:23 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2002-07-13 15:57:23 +0000 |
commit | 8c163527e8dfce287de82c8ec9b25c288edc5577 (patch) | |
tree | c4e064f6d161d79473bf1ff690d5ba78dd77fb8d /sbin/ipfw | |
parent | 188efbec8e3b5aae6c0ed0b303e962ea6f95b23b (diff) | |
download | FreeBSD-src-8c163527e8dfce287de82c8ec9b25c288edc5577.zip FreeBSD-src-8c163527e8dfce287de82c8ec9b25c288edc5577.tar.gz |
A bunch of minor fixes:
* accept "icmptype" as an alias for "icmptypes";
* remove an extra whitespace after "log" rules;
* print correctly the "limit" masks;
* correct a typo in parsing dummynet arguments (this caused a coredump);
* do not allow specifying both "check-state" and "limit", they are
(and have always been) mutually exclusive;
* remove an extra print of the rule before installing it;
* make stdout buffered -- otherwise, if you log its output with syslog,
you will see one entry for each printf(). Rather unpleasant.
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw2.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 08c703b..71e3358 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -315,6 +315,7 @@ struct _s_x rule_options[] = { { "tcpseq", TOK_TCPSEQ }, { "tcpack", TOK_TCPACK }, { "tcpwin", TOK_TCPWIN }, + { "icmptype", TOK_ICMPTYPES }, { "icmptypes", TOK_ICMPTYPES }, { "not", TOK_NOT }, /* pseudo option */ @@ -850,9 +851,9 @@ show_ipfw(struct ip_fw *rule) } if (logptr) { if (logptr->max_log > 0) - printf(" log logamount %d ", logptr->max_log); + printf(" log logamount %d", logptr->max_log); else - printf(" log "); + printf(" log"); } /* * then print the body @@ -1066,7 +1067,7 @@ show_ipfw(struct ip_fw *rule) printf(" limit"); for ( ; p->x != 0 ; p++) - if (x & p->x) { + if ((x & p->x) == p->x) { x &= ~p->x; printf("%s%s", comma, p->s); comma = ","; @@ -1841,7 +1842,7 @@ config_pipe(int ac, char **av) a = strtoul(av[0]+1, &end, 0); a = (a == 32) ? ~0 : (1 << a) - 1; } else - a = strtoul(av[1], &end, 0); + a = strtoul(av[0], &end, 0); if (p32 != NULL) *p32 = a; else if (p16 != NULL) { @@ -2695,12 +2696,18 @@ read_options: break; case TOK_KEEPSTATE: + if (have_state) + errx(EX_USAGE, "only one of check-state " + "and limit is allowed"); have_state = 1; fill_cmd(cmd, O_KEEP_STATE, 0, 0); break; case TOK_LIMIT: NEED1("limit needs mask and # of connections"); + if (have_state) + errx(EX_USAGE, "only one of check-state " + "and limit is allowed"); { ipfw_insn_limit *c = (ipfw_insn_limit *)cmd; @@ -2790,8 +2797,6 @@ done: rule->cmd_len = (u_int32_t *)dst - (u_int32_t *)(rule->cmd); i = (void *)dst - (void *)rule; - if (!do_quiet) - show_ipfw(rule); if (getsockopt(s, IPPROTO_IP, IP_FW_ADD, rule, &i) == -1) err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_ADD"); if (!do_quiet) @@ -3148,8 +3153,6 @@ main(int ac, char *av[]) if (s < 0) err(EX_UNAVAILABLE, "socket"); - setbuf(stdout, 0); - /* * If the last argument is an absolute pathname, interpret it * as a file to be preprocessed. |