diff options
author | melifaro <melifaro@FreeBSD.org> | 2012-03-25 20:37:59 +0000 |
---|---|---|
committer | melifaro <melifaro@FreeBSD.org> | 2012-03-25 20:37:59 +0000 |
commit | 97c3a90503d7ac77bc3c91a3910e5112ea4f1bb2 (patch) | |
tree | cc5736172eadfb11a89781cc57af9cf6e64f57d2 /sbin | |
parent | 96b099d4c47ca4e52fbc294eeb3f76bbff60ef05 (diff) | |
download | FreeBSD-src-97c3a90503d7ac77bc3c91a3910e5112ea4f1bb2.zip FreeBSD-src-97c3a90503d7ac77bc3c91a3910e5112ea4f1bb2.tar.gz |
- Permit number of ipfw tables to be changed in runtime.
net.inet.ip.fw.tables_max is now read-write.
- Bump IPFW_TABLES_MAX to 65535
Default number of tables is still 128
- Remove IPFW_TABLES_MAX from ipfw(8) code.
Sponsored by Yandex LLC
Approved by: kib(mentor)
MFC after: 2 weeks
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 2 | ||||
-rw-r--r-- | sbin/ipfw/ipfw2.c | 12 |
2 files changed, 4 insertions, 10 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 587cc5c..9836391 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -2845,7 +2845,7 @@ node is not passed though the firewall again. Otherwise, after an action, the packet is reinjected into the firewall at the next rule. .It Va net.inet.ip.fw.tables_max : No 128 -Maximum number of tables (read-only). +Maximum number of tables. .It Va net.inet.ip.fw.verbose : No 1 Enables verbose messages. .It Va net.inet.ip.fw.verbose_limit : No 0 diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 41f7be3..dd22ad0 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -3932,15 +3932,9 @@ ipfw_table_handler(int ac, char *av[]) len = sizeof(tables_max); if (sysctlbyname("net.inet.ip.fw.tables_max", &tables_max, &len, - NULL, 0) == -1) { -#ifdef IPFW_TABLES_MAX - warn("Warn: Failed to get the max tables number via sysctl. " - "Using the compiled in defaults. \nThe reason was"); - tables_max = IPFW_TABLES_MAX; -#else - errx(1, "Failed sysctlbyname(\"net.inet.ip.fw.tables_max\")"); -#endif - } + NULL, 0) == -1) + errx(1, "Can't determine maximum number of ipfw tables. " + "Perhaps you forgot to load ipfw module?"); memset(&xent, 0, sizeof(xent)); |