diff options
| author | luigi <luigi@FreeBSD.org> | 2010-03-15 18:20:51 +0000 |
|---|---|---|
| committer | luigi <luigi@FreeBSD.org> | 2010-03-15 18:20:51 +0000 |
| commit | b958ac2aee0c02d048840ba1a096b9d1a8e4a2d2 (patch) | |
| tree | 69c012db56511bb135a92c11fc1ac88e39fd7888 /sbin/ipfw | |
| parent | 3ada53d651797fa9ab1a3df69b6d4176151ec68c (diff) | |
| download | FreeBSD-src-b958ac2aee0c02d048840ba1a096b9d1a8e4a2d2.zip FreeBSD-src-b958ac2aee0c02d048840ba1a096b9d1a8e4a2d2.tar.gz | |
print correctly commands of the form
ipfw add 100 allow ip from { 1.2.3.4 or 5.6.7.8 }
(note that the above example could be better written as
ipfw add 100 allow dst-ip 1.2.3.4,5.6.7.8
Submitted by: Riccardo Panicucci
Diffstat (limited to 'sbin/ipfw')
| -rw-r--r-- | sbin/ipfw/ipfw2.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 7940e54..1ab827f 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -921,9 +921,9 @@ print_icmptypes(ipfw_insn_u32 *cmd) #define HAVE_DSTIP 0x0004 #define HAVE_PROTO4 0x0008 #define HAVE_PROTO6 0x0010 +#define HAVE_IP 0x0100 #define HAVE_OPTIONS 0x8000 -#define HAVE_IP (HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP) static void show_prerequisites(int *flags, int want, int cmd __unused) { @@ -1024,7 +1024,9 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) switch(cmd->opcode) { case O_CHECK_STATE: printf("check-state"); - flags = HAVE_IP; /* avoid printing anything else */ + /* avoid printing anything else */ + flags = HAVE_PROTO | HAVE_SRCIP | + HAVE_DSTIP | HAVE_IP; break; case O_ACCEPT: @@ -1164,7 +1166,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) show_prerequisites(&flags, HAVE_PROTO, 0); printf(" from any to any"); } - flags |= HAVE_IP | HAVE_OPTIONS; + flags |= HAVE_IP | HAVE_OPTIONS | HAVE_PROTO | + HAVE_SRCIP | HAVE_DSTIP; } if (co.comment_only) @@ -1253,9 +1256,12 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) break; case O_IP_DSTPORT: - show_prerequisites(&flags, HAVE_IP, 0); + show_prerequisites(&flags, + HAVE_PROTO | HAVE_SRCIP | + HAVE_DSTIP | HAVE_IP, 0); case O_IP_SRCPORT: - show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0); + show_prerequisites(&flags, + HAVE_PROTO | HAVE_SRCIP, 0); if ((cmd->len & F_OR) && !or_block) printf(" {"); if (cmd->len & F_NOT) @@ -1276,7 +1282,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) if ((flags & (HAVE_PROTO4 | HAVE_PROTO6)) && !(flags & HAVE_PROTO)) show_prerequisites(&flags, - HAVE_IP | HAVE_OPTIONS, 0); + HAVE_PROTO | HAVE_IP | HAVE_SRCIP | + HAVE_DSTIP | HAVE_OPTIONS, 0); if (flags & HAVE_OPTIONS) printf(" proto"); if (pe) @@ -1294,7 +1301,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) ((cmd->opcode == O_IP4) && (flags & HAVE_PROTO4))) break; - show_prerequisites(&flags, HAVE_IP | HAVE_OPTIONS, 0); + show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP | + HAVE_DSTIP | HAVE_IP | HAVE_OPTIONS, 0); if ((cmd->len & F_OR) && !or_block) printf(" {"); if (cmd->len & F_NOT && cmd->opcode != O_IN) @@ -1548,7 +1556,8 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth) or_block = 0; } } - show_prerequisites(&flags, HAVE_IP, 0); + show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP + | HAVE_IP, 0); if (comment) printf(" // %s", comment); printf("\n"); |
