Re: Small problem with ipfw list
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
ok this should be fixed now in head (revision 205179)
cheers
luigi
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
ok this should be fixed now in head (revision 205179)
Great, thank you very much for doing this!
Do you think this could be merged to stable/8 and stable/7?
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
C++ is to C as Lung Cancer is to Lung.
-- Thomas Funke
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote:
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
ok this should be fixed now in head (revision 205179)
Great, thank you very much for doing this!
Do you think this could be merged to stable/8 and stable/7?
it's a trivial change to the userland program so whoever wants
to do the merge is welcome. I should be able to merge to stable/8
perhaps next monday, whereas for stable/7 perhaps we should wait for the
code freeze to end ?
cheers
luigi
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
Luigi Rizzo wrote: On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote: Do you think this could be merged to stable/8 and stable/7? it's a trivial change to the userland program so whoever wants to do the merge is welcome. I should be able to merge to stable/8 perhaps next monday, whereas for stable/7 perhaps we should wait for the code freeze to end ? Yes, I agree. This is not a critical issue, so it can wait for the code freeze to end. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd That's what I love about GUIs: They make simple tasks easier, and complex tasks impossible. -- John William Chambless ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
Luigi Rizzo wrote: On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote: Just a question: Is the output from ipfw list supposed to be in the same rule format that is accepted as input? it is not, partly due to backward compatibility. I see. If you try ipfw -c show then you might have better luck though. Unfortunately that makes things even worse. The dst-ip word is still there, and additionally any rules containing from any to any are shortened, which is also not accepted as input to ipfw(8). What do you think about adding a new option that lists the rules in a format that can be fed back as input to ipfw(8)? There are several tools with similar options, for example stty -g. So far -g is not used in ipfw(8), so ... Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd I suggested holding a Python Object Oriented Programming Seminar, but the acronym was unpopular. -- Joseph Strout ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
On Wed, Mar 10, 2010 at 12:20:33PM +0100, Oliver Fromme wrote: Luigi Rizzo wrote: On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote: Just a question: Is the output from ipfw list supposed to be in the same rule format that is accepted as input? it is not, partly due to backward compatibility. I see. If you try ipfw -c show then you might have better luck though. Unfortunately that makes things even worse. The dst-ip word is still there, and additionally any rules containing from any to any are shortened, which is also not accepted as input to ipfw(8). ok this means that i need to fix the output so that it is in a form acceptable to be fed back to ipfw. I'll try to come up with a patch soon (possibly using -g as an alias for -c if needed) cheers luigi What do you think about adding a new option that lists the rules in a format that can be fed back as input to ipfw(8)? There are several tools with similar options, for example stty -g. So far -g is not used in ipfw(8), so ... Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Gesch?ftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht M?n- chen, HRB 125758, Gesch?ftsf?hrer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd I suggested holding a Python Object Oriented Programming Seminar, but the acronym was unpopular. -- Joseph Strout ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
Hi-- On Mar 10, 2010, at 3:44 AM, Luigi Rizzo wrote: ok this means that i need to fix the output so that it is in a form acceptable to be fed back to ipfw. +1... I'll try to come up with a patch soon (possibly using -g as an alias for -c if needed) ...and thanks for being willing to spend the time fixing this. Regards, -- -Chuck ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Small problem with ipfw list
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
it is not, partly due to backward compatibility.
If you try ipfw -c show then you might have better luck though.
cheers
luigi
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
# ipfw list 100
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
# ipfw add 200 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
ipfw: hostname ``dst-ip'' unknown
So it inserts the word dst-ip in the output when an or
block is used, but that word isn't accepted as input.
I think the output from ipfw list should be valid rule
format that could be fed back as input to ipfw(8).
In fact that's exactly what I need to do in a script that
I've written recently, and the dst-ip problem bit me.
I had to work around it with sed(1).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Gesch?ftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht M?n-
chen, HRB 125758, Gesch?ftsf?hrer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
Python is an experiment in how much freedom programmers need.
Too much freedom and nobody can read another's code; too little
and expressiveness is endangered.
-- Guido van Rossum
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
