Bug 225944 - ipfw table destruction exit code and -q option
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 11.1-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-ipfw (Nobody)
Keywords: feature
 
Reported: 2018-02-16 06:55 UTC by vladimir-csp
Modified: 2018-02-16 07:49 UTC

Description vladimir-csp 2018-02-16 06:55:46 UTC
This command:

    ipfw table sometable destroy

always returns 0 even if 'sometable' does not exist.

This command:

    ipfw table sometable create type addr

behaves correctly (0 on creation, 71 if table already exists)

Since autocreating table when adding address is now deprecated, it would be logical if -q option would also be supported for create/destroy commands. Currently a ruleset like this would work on boot, but fail on ipfw restart:

    -qf flush
    table 10 create type addr
    -q table 10 add 172.17.2.1/32
    add 00010 allow tcp from table(10) to me

Supporting -q option on create/destroy would make this construction workable:

    -qf flush
    -q table 10 create type addr
    -q table 10 add 172.17.2.1/32
    add allow tcp from table(10) to me


Another inconsistency is produced when checking the above ruleset (first variant without -q for create):

    # ipfw -n ipfw.rules
    Flushed all rules.
    Line 3: DEPRECATED: inserting data into non-existing table 10. (auto-created)
    00010 allow tcp from table(10) to me

'ipfw -n' ignores table create line, ignores existence of table 10, makes it impossible to tell whether the ruleset would work or not.
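
A workaround for the restart failure described in this report, as an added example that is not part of the original report or of FreeBSD's code: a shell-based ruleset that treats exit code 71 from `table ... create` as "already exists", using only the exit codes reported above. The `IPFW` variable and the function names `ensure_table` and `load_rules` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: restart-safe table setup for a shell-based ipfw ruleset.
# Relies on the exit codes from the report: `table NAME create` returns
# 0 on creation and 71 when the table already exists.

# Assumption: IPFW is overridable so the logic can be exercised without
# touching a live firewall.
IPFW="${IPFW:-ipfw}"

# ensure_table NAME [create options...]
# Returns 0 if the table was created or already existed; otherwise prints
# ipfw's own error output and returns ipfw's exit code.
# Caveat: 71 is sysexits' EX_OSERR, so this wrapper cannot tell "already
# exists" apart from any other failure that exits with the same code.
ensure_table() {
    _name="$1"; shift
    _rc=0
    _err=$($IPFW table "$_name" create "$@" 2>&1) || _rc=$?
    case "$_rc" in
        0|71) return 0 ;;
        *)
            echo "ensure_table: creating table $_name failed (exit $_rc): $_err" >&2
            return "$_rc"
            ;;
    esac
}

# load_rules: the ruleset from the report, expressed as shell commands.
# Each step aborts the load on failure instead of continuing with a
# partially applied ruleset.
load_rules() {
    $IPFW -q -f flush || return
    ensure_table 10 type addr || return
    $IPFW -q table 10 add 172.17.2.1/32 || return
    $IPFW -q add 00010 allow tcp from 'table(10)' to me
}
```

Because `table ... destroy` returns 0 whether or not the table existed, no equivalent wrapper is needed for destruction, and its exit code cannot be used to detect a missing table.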