authormlaier <mlaier@FreeBSD.org>2006-05-12 04:41:27 +0000
committermlaier <mlaier@FreeBSD.org>2006-05-12 04:41:27 +0000
commit95826ec6b414b9b651fe4cf4b08cf9e0e16a11f2 (patch)
tree8c7da3df3d9265ef97f64e2b6617e900ce33f24e /sys/netinet/ip_fw2.c
parentc44b3e762ea073484239a80b3968a71c3d903f4f (diff)
downloadFreeBSD-src-95826ec6b414b9b651fe4cf4b08cf9e0e16a11f2.zip
FreeBSD-src-95826ec6b414b9b651fe4cf4b08cf9e0e16a11f2.tar.gz
Reintroduce net.inet6.ip6.fw.enable sysctl to dis/enable the ipv6 processing
separately. Also use pfil hook/unhook instead of keeping the check functions in pfil just to return there based on the sysctl. While here fix some whitespace on a nearby SYSCTL_ macro.
Diffstat (limited to 'sys/netinet/ip_fw2.c')
-rw-r--r--sys/netinet/ip_fw2.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 49be308..dacaa57 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -165,11 +165,13 @@ struct table_entry {
static int fw_debug = 1;
static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */
+extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
+
#ifdef SYSCTL_NODE
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
-SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable,
- CTLFLAG_RW | CTLFLAG_SECURE3,
- &fw_enable, 0, "Enable ipfw");
+SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable,
+ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &fw_enable, 0,
+ ipfw_chg_hook, "I", "Enable ipfw");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW,
&autoinc_step, 0, "Rule number autincrement step");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
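Review bot: The `extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);` prototype is declared locally in this .c file, so nothing forces it to match the handler's definition, which is not part of this diff. It would be safer in a shared ipfw header that both the definition and this file include, letting the compiler catch a signature drift. Because `net.inet.ip.fw.enable` is now a `SYSCTL_PROC`, a write appears to change the packet path (pfil hook/unhook, per the commit message) rather than just store an int. A short comment above the macro would help, e.g. `/* handler (un)registers the pfil hook; fw_enable must reflect the real hook state */`. It is also worth confirming that the handler restores the old value when hooking fails, so the sysctl never reports the firewall as enabled while no hook is installed.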
@@ -4112,12 +4114,15 @@ ipfw_init(void)
/* Setup IPv6 fw sysctl tree. */
sysctl_ctx_init(&ip6_fw_sysctl_ctx);
ip6_fw_sysctl_tree = SYSCTL_ADD_NODE(&ip6_fw_sysctl_ctx,
- SYSCTL_STATIC_CHILDREN(_net_inet6_ip6), OID_AUTO, "fw",
- CTLFLAG_RW | CTLFLAG_SECURE, 0, "Firewall");
+ SYSCTL_STATIC_CHILDREN(_net_inet6_ip6), OID_AUTO, "fw",
+ CTLFLAG_RW | CTLFLAG_SECURE, 0, "Firewall");
+ SYSCTL_ADD_PROC(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
+ OID_AUTO, "enable", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
+ &fw6_enable, 0, ipfw_chg_hook, "I", "Enable ipfw+6");
SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
- OID_AUTO, "deny_unknown_exthdrs", CTLFLAG_RW | CTLFLAG_SECURE,
- &fw_deny_unknown_exthdrs, 0,
- "Deny packets with unknown IPv6 Extension Headers");
+ OID_AUTO, "deny_unknown_exthdrs", CTLFLAG_RW | CTLFLAG_SECURE,
+ &fw_deny_unknown_exthdrs, 0,
+ "Deny packets with unknown IPv6 Extension Headers");
#endif
layer3_chain.rules = NULL;
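Review bot: The description string `"Enable ipfw+6"` on the new `enable` leaf does not tell an administrator that IPv6 filtering is now switched separately from `net.inet.ip.fw.enable`; something like `"Enable ipfw for IPv6"` would be clearer. With separate knobs, setting only the IPv4 sysctl presumably leaves IPv6 traffic unfiltered whenever `fw6_enable` is 0, so a comment here stating the initial value of `fw6_enable` and that the two are independent would prevent a silent fail-open. The leaf uses `CTLFLAG_SECURE3` while its parent node and `deny_unknown_exthdrs` use `CTLFLAG_SECURE`. That mirrors the IPv4 `enable` knob, but a one-line comment saying the difference is intentional would save the next reader from treating it as a mistake. `ipfw_init` begins and ends outside this hunk.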