Bug 20201

Summary: "ipfw show" lists expired dynamic rules
Product: Base System
Reporter: Stephen Montgomery-Smith <stephen>
Component: kern
Assignee: Luigi Rizzo <luigi>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any
Attachments:
Description Flags
file.diff none

Description Stephen Montgomery-Smith 2000-07-26 21:50:01 UTC
ipfw show
lists all the dynamic rules, including those that have expired.

Indeed, looking at the code, it seems to me that the only time the
expired rules are cleaned out is when the number of dynamic rules
exceeds net.inet.ip.fw.dyn_max.

Fix: My idea is as follows: when the user types

  ipfw show

then in sys/netinet/ip_fw.c we should clean out all the expired
rules with a call to remove_dyn_rule(NULL,0).  This should have
very low overhead, because we don't type ipfw show very often.

How-To-Repeat: Type

  ipfw show
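
The gap between the lazy cleanup described in this report and the proposed cleanup at listing time, as an added example that is not part of the original report and is not code from FreeBSD's ip_fw.c. It is a simplified model: `DYN_MAX`, `struct dyn_rule`, `add_rule`, `purge_expired` and `show_rules` are hypothetical names, the limit of 4 is a constructed value, and the model purges when the table reaches the limit.

```c
#include <stddef.h>
#include <string.h>

#define DYN_MAX 4  /* stand-in for net.inet.ip.fw.dyn_max; constructed value */

struct dyn_rule { int used; int id; long expire; };  /* simplified, hypothetical */
static struct dyn_rule table[DYN_MAX];
static int dyn_count;

static void reset_table(void) { memset(table, 0, sizeof table); dyn_count = 0; }

/* Remove every entry whose expiry time has passed; return how many went. */
static int purge_expired(long now) {
    int removed = 0;
    for (size_t i = 0; i < DYN_MAX; i++)
        if (table[i].used && table[i].expire <= now) {
            table[i].used = 0;
            dyn_count--;
            removed++;
        }
    return removed;
}

/* Lazy policy described in the report: purge only once the limit is hit. */
static int add_rule(int id, long expire, long now) {
    if (dyn_count >= DYN_MAX && purge_expired(now) == 0)
        return -1;  /* table is full of entries that have not expired */
    for (size_t i = 0; i < DYN_MAX; i++)
        if (!table[i].used) {
            table[i] = (struct dyn_rule){ 1, id, expire };
            dyn_count++;
            return 0;
        }
    return -1;
}

/* Model of a listing: returns entries listed, *stale = expired ones among
 * them. purge_first != 0 models the cleanup-on-show proposed in the report. */
static int show_rules(long now, int purge_first, int *stale) {
    int listed = 0;
    *stale = 0;
    if (purge_first) purge_expired(now);
    for (size_t i = 0; i < DYN_MAX; i++)
        if (table[i].used) {
            listed++;
            *stale += table[i].expire <= now;
        }
    return listed;
}
```

In this model a listing taken without the purge reports entries past their expiry time alongside current ones, so anyone auditing firewall state from the listing has to compare each entry's expiry against the current time.
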
Comment 1 Sheldon Hearn freebsd_committer freebsd_triage 2000-07-27 12:44:40 UTC
Responsible Changed
From-To: freebsd-bugs->luigi

Luigi, could you take a look at this one?
Comment 2 Sheldon Hearn freebsd_committer freebsd_triage 2000-07-27 14:36:34 UTC
State Changed
From-To: open->closed

Luigi feels that the current behaviour is desirable.