author | phk <phk@FreeBSD.org> | 2001-10-31 16:08:49 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2001-10-31 16:08:49 +0000 |
commit | 10fe9ee3d236e501d53849cacd67f8ac43e874ff (patch) | |
tree | 1868a90bdd12a3a65a8690c6b136f7107c5448d1 /sbin/natd | |
parent | b35708db5b9218ac5729deb2ebf151af134582dc (diff) | |
Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.
PR: 30255
Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by: phk
MFC after: 4 weeks
Diffstat (limited to 'sbin/natd')
-rw-r--r-- | sbin/natd/natd.8 | 3 | ||||
-rw-r--r-- | sbin/natd/natd.c | 19 |
2 files changed, 19 insertions, 3 deletions
diff --git a/sbin/natd/natd.8 b/sbin/natd/natd.8 index 4017e86..20961a2 100644 --- a/sbin/natd/natd.8 +++ b/sbin/natd/natd.8 @@ -31,6 +31,7 @@ .Op Fl log_denied .Op Fl log_facility Ar facility_name .Op Fl punch_fw Ar firewall_range +.Op Fl log_ipfw_denied .Ek .Sh DESCRIPTION This program provides a Network Address Translation facility for use @@ -461,6 +462,8 @@ rules starting from the rule number .Ar basenumber will be used for punching firewall holes. The range will be cleared for all rules on startup. +.It Fl log_ipfw_denied +Log when a packet can't be re-injected because a ipfw rule deny it. .El .Sh RUNNING NATD The following steps are necessary before attempting to run diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c index a41d540..b5e65fc 100644 --- a/sbin/natd/natd.c +++ b/sbin/natd/natd.c @@ -126,6 +126,7 @@ static int packetDirection; static int dropIgnoredIncoming; static int logDropped; static int logFacility; +static int log_ipfw_denied; int main (int argc, char** argv) { @@ -160,6 +161,7 @@ int main (int argc, char** argv) dynamicMode = 0; logDropped = 0; logFacility = LOG_DAEMON; + log_ipfw_denied = 0; /* * Mark packet buffer empty. */ @@ -614,7 +616,7 @@ static void FlushPacketBuffer (int fd) (struct ip*) packetBuf, ifMTU - aliasOverhead); } - else { + else if (errno == EACCES && log_ipfw_denied) { sprintf (msgBuf, "failed to write packet back"); Warn (msgBuf); @@ -870,7 +872,8 @@ enum Option { ProxyRule, LogDenied, LogFacility, - PunchFW + PunchFW, + LogIpfwDenied }; enum Param { @@ -1088,7 +1091,15 @@ static struct OptionInfo optionTable[] = { "basenumber:count", "punch holes in the firewall for incoming FTP/IRC DCC connections", "punch_fw", - NULL } + NULL }, + + { LogIpfwDenied, + 0, + YesNo, + "[yes|no]", + "log packets converted by natd, but denied by ipfw", + "log_ipfw_denied", + NULL }, }; static void ParseOption (const char* option, const char* parms) 
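Review bot: The flag added in the `@@ -126,6 +126,7 @@` hunk of natd.c is named `log_ipfw_denied`, while the file-scope flags visible around it are camelCase (`dropIgnoredIncoming`, `logDropped`, `logFacility`). `static int logIpfwDenied;` would match them, with the same rename where the flag is used in main(), FlushPacketBuffer() and ParseOption(). The user-visible option string `"log_ipfw_denied"` in optionTable can stay as it is. A short comment on the declaration, for example `/* warn when re-injecting a packet fails with EACCES */`, would record what the flag gates.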
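Review bot: In the `@@ -614,7 +616,7 @@` hunk of FlushPacketBuffer(), `else if (errno == EACCES && log_ipfw_denied)` silences the warning for every errno value, not only EACCES. A write-back failure for any other reason used to reach the plain `else` and be reported through Warn(); it is now dropped without a log line, so operators lose the signal for failures unrelated to ipfw. To suppress only the ipfw-denied case, as the commit message and man page describe, the condition would be `else if (errno != EACCES || log_ipfw_denied) {`. The preceding branch and the end of this block are outside the hunk, so this assumes no later branch handles the remaining errno values.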
@@ -1272,6 +1283,8 @@ static void ParseOption (const char* option, const char* parms) case PunchFW: SetupPunchFW(strValue); break; + case LogIpfwDenied: + log_ipfw_denied=1; } } |
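Review bot: In ParseOption(), `log_ipfw_denied=1;` ignores the argument that the new optionTable entry declares (`YesNo`, `"[yes|no]"`), so `log_ipfw_denied no` would still turn the logging on. The case should assign the boolean that ParseOption() derives for YesNo options; that parsing is outside this hunk, so the variable to use has to be confirmed there. The case also has no `break;`, which is harmless only while it is the last label in the switch; adding `break;` after the assignment keeps it safe when another option is appended.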