Attachment #10927 for bug #21735

View | Details | Raw Unified | Return to bug 21735
Collapse All | Expand All

Lines 78-83 Link Here

(-)sys/netinet/ip_fw.c (-3 / +6 lines)
78	#else	78	#else
79	static int fw_verbose_limit = 0;	79	static int fw_verbose_limit = 0;
80	#endif	80	#endif
		81	static int fw_auto_increment = 100;
81		82
82	static u_int64_t counter; /* counter for ipfw_report(NULL...) */	83	static u_int64_t counter; /* counter for ipfw_report(NULL...) */
83	struct ipfw_flow_id last_pkt ;	84	struct ipfw_flow_id last_pkt ;
Lines 102-107 Link Here
102	&fw_verbose, 0, "Log matches to ipfw rules");	103	&fw_verbose, 0, "Log matches to ipfw rules");
103	SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,	104	SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,
104	&fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");	105	&fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
		106	SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, auto_increment, CTLFLAG_RW,
		107	&fw_auto_increment, 0, "Amount by which to increment rule numbers when it is not specified");
105		108
106	#if STATEFUL	109	#if STATEFUL
107	/*	110	/*
Lines 1458-1464 Link Here
1458	return(0);	1461	return(0);
1459	}	1462	}
1460		1463
1461	/* If entry number is 0, find highest numbered rule and add 100 */	1464	/* If entry number is 0, find highest numbered rule and add fw_auto_increment */
1462	if (ftmp->fw_number == 0) {	1465	if (ftmp->fw_number == 0) {
1463	for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {	1466	for (fcp = LIST_FIRST(chainptr); fcp; fcp = LIST_NEXT(fcp, chain)) {
1464	if (fcp->rule->fw_number != (u_short)-1)	1467	if (fcp->rule->fw_number != (u_short)-1)
Lines 1466-1473 Link Here
1466	else	1469	else
1467	break;	1470	break;
1468	}	1471	}
1469	if (nbr < IPFW_DEFAULT_RULE - 100)	1472	if (nbr < IPFW_DEFAULT_RULE - fw_auto_increment)
1470	nbr += 100;	1473	nbr += fw_auto_increment;
1471	ftmp->fw_number = nbr;	1474	ftmp->fw_number = nbr;
1472	}	1475	}
1473		1476

Lines 1056-1061 Link Here

(-)sbin/ipfw/ipfw.8 (+2 lines)
1056	firewall even if compiled in.	1056	firewall even if compiled in.
1057	.It Em net.inet.ip.fw.verbose_limit : No 0	1057	.It Em net.inet.ip.fw.verbose_limit : No 0
1058	Limits the number of messages produced by a verbose firewall.	1058	Limits the number of messages produced by a verbose firewall.
		1059	.It Em net.inet.ip.fw.auto_increment : No 100
		1060	Amount by which to increment the current rule number when none is specified
1059	.It Em net.inet.ip.fw.dyn_buckets : No 256	1061	.It Em net.inet.ip.fw.dyn_buckets : No 256
1060	.It Em net.inet.ip.fw.curr_dyn_buckets : No 256	1062	.It Em net.inet.ip.fw.curr_dyn_buckets : No 256
1061	The configured and current size of the hash table used to	1063	The configured and current size of the hash table used to

Return to bug 21735