Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw.h | 5 | ||||
-rw-r--r-- | sys/netinet/ip_fw2.c | 3 |
2 files changed, 7 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 5dcdbb3..852056d 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -29,6 +29,11 @@ #define _IPFW2_H /* + * The default rule number. It is also the max possible rule number. + */ +#define IPFW_DEFAULT_RULE 65535 + +/* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF * instructions), which specify which fields of the packet diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 1f316c4..a131ae8 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -122,7 +122,6 @@ static int verbose_limit; static struct callout ipfw_timeout; static uma_zone_t ipfw_dyn_rule_zone; -#define IPFW_DEFAULT_RULE 65535 /* * Data structure to cache our ucred related @@ -180,6 +179,8 @@ SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose, &fw_verbose, 0, "Log matches to ipfw rules"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); +SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, default_rule, CTLFLAG_RD, + NULL, IPFW_DEFAULT_RULE, "The default/max possible rule number."); /* * Description of dynamic rules. |
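Review bot: The comment added above `IPFW_DEFAULT_RULE` in ip_fw.h says 65535 is also the maximum rule number but not what imposes that limit, and the macro is now visible to every file that includes the header. If the limit comes from the width of the rule-number field (not visible in this hunk), the comment should say so, for example `* It is the largest value the rule-number field can hold; keep the two in sync.` It would also help to state whether userland should use this macro or read the `net.inet.ip.fw.default_rule` sysctl added in ip_fw2.c. A tool built against a different header could otherwise disagree with the running kernel about which rule is the default one.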
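Review bot: The description string of the new `default_rule` sysctl in ip_fw2.c ends with a period, while the two neighbouring `SYSCTL_INT` descriptions in the same hunk do not; for consistency it could read `"The default/max possible rule number"`. The node is declared `CTLFLAG_RD` with a `NULL` pointer and the constant as its value, so it reports only the number of the default rule and nothing about that rule's action. A short comment above it, such as `/* Read-only: reports the number of the default rule, not its accept/deny action. */`, would keep scripts and tools from inferring the firewall's default policy from this value.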