Bug 18550

Summary: ipfw list|show always shows dynamic rules (+FIX)
Product: Base System
Reporter: Lyndon Nerenberg <lyndon>
Component: bin
Assignee: Dag-Erling Smørgrav <des>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-STABLE   
Hardware: Any   
OS: Any   
Attachments: file.shar (flags: none)

Description Lyndon Nerenberg 2000-05-14 20:50:01 UTC
If you use dynamic firewall rules (via keep-state), when listing rules
you always see the dynamic rules. There should be an option to suppress
printing of those rules.

Also, when issuing 'ipfw list|show <rulenumber>' you also see all the
dynamic rules. This seems to violate POLA: if I'm asking for one
rule, I really only want to see that rule, and not all the dynamic
rules.

Fix: The attached patch adds a -d flag that suppresses printing of
dynamic rules. It also modifies the behaviour of the list and
show subcommands to not display the dynamic rules if the subcommand
specifies a rule number.

Comment 1 Johan Karlsson freebsd_committer freebsd_triage 2000-08-24 13:40:37 UTC
Responsible Changed
From-To: freebsd-bugs->luigi

Over to ipfw maintainer.

Comment 2 dwmalone freebsd_committer freebsd_triage 2001-05-18 20:13:43 UTC
Responsible Changed
From-To: luigi->dwmalone

Luigi - the patch in this PR looks sensible. I'll test it and commit it 
if you have no objections.

Comment 3 des 2001-05-31 20:30:02 UTC
There are a couple of problems with this patch:

 - the default should be to *not* list dynamic rules, and the -d
   option should enable showing them.

 - when dynamic rules are shown, rules with a ttl of 0 should be
   omitted unless an additional option is specified (or -d is
   specified twice); they're mostly just noise.

 - when a specific rule is requested and the -d option is specified,
   dynamic rules matching the specified rule number *should* be shown.

Expect a patch shortly.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

Comment 4 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2001-06-13 16:39:31 UTC
State Changed
From-To: open->feedback

Fixed in -CURRENT, awaiting MFC. 


Comment 5 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2001-06-13 16:39:31 UTC
Responsible Changed
From-To: dwmalone->des

I'll handle the MFC.

Comment 6 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2001-11-27 13:40:38 UTC
State Changed
From-To: feedback->closed

Josef Karthauser MFCed this a month ago.