Luigi Rizzo wrote:
> On Sun, Aug 24, 2008 at 01:14:45AM +0400, Roman Kurakin wrote:
>> Hi,
>> The IPFW_DEFAULT_RULE is also the max allowed rule number.
>> This value should definitely be public, so here is the patch; if there are
>> no objections I'll commit it within a couple of days.
>> After that, I plan to fix a couple of tools that need to know this value.
> unless the tools you have in mind already include ip_fw.h (in which case
> the change is harmless and I have no objection), i think it would be better
> to export the value in a sysctl and let the tools fetch it from there,
> so they do not need to include the header.
In fact, I am talking about ipfw(8) and natd(8). The first one uses a
hard-coded value; the latter passes rule numbers to libalias(3) without a
check, and libalias(3) also flushes rules without a check.
Thus if you erroneously set -punch_fw for natd(8) as 50000:60000 (and
not 50000:10000), you will have to get to the remote server to set back
all the flushed rules at the beginning of the list. Yes, such a fix will
not save you from such stupidities, but it can decrease the number of them.
IIRC natd(8) doesn't include ip_fw.h, but I do not see why it would be
better to export this value via sysctl rather than compile it in via
#include<>. The only thing is binary portability, but expecting this from
a system utility that not just reads something but also writes is wrong.
Anyway, if you are aware of some ports for which this value would be
useful, a sysctl could also be added, but we do not have much time before
code-freeze.
Best regards,
rik
> cheers
> luigi
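The natd(8) -punch_fw failure mode Roman describes (a base:count range that overruns the maximum rule number and ends up hitting rules at the front of the list) is exactly what a small argument check at the tool boundary prevents. The C below is an added example for this thread, not code from natd, libalias or the patch under discussion. It assumes the -punch_fw argument has the form base:count, hard-codes 65535 as the value of IPFW_DEFAULT_RULE instead of including <netinet/ip_fw.h>, and, purely to illustrate why low-numbered rules get clobbered, assumes the kernel stores a rule number in a 16-bit field so that an overrun wraps around.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: same value as IPFW_DEFAULT_RULE in <netinet/ip_fw.h>.
 * Hard-coded here so the example builds without the FreeBSD headers.
 * Rule 65535 is the default rule and must never be touched by a tool. */
#define PUNCH_MAX_RULE 65535L

struct punch_range {
    long base;   /* first rule number the tool will create/flush */
    long count;  /* how many consecutive rule numbers it may use */
};

/* Illustration only (assumption): if the rule number travels to the
 * kernel in a 16-bit field, an overrun silently wraps to a small number,
 * i.e. to rules at the beginning of the list. */
uint16_t wrapped_rule_number(long n)
{
    return (uint16_t)n;
}

/* Parse "base:count" and reject any range that is malformed, empty,
 * starts at 0, or whose last rule (base + count - 1) would reach the
 * default rule. Returns 0 on success, -1 on failure with *why set. */
int parse_punch_fw(const char *arg, struct punch_range *out, const char **why)
{
    char *end;
    const char *p;
    long base, count;

    errno = 0;
    base = strtol(arg, &end, 10);
    if (end == arg || *end != ':' || errno != 0) {
        *why = "expected base:count";
        return -1;
    }
    p = end + 1;
    count = strtol(p, &end, 10);
    if (end == p || *end != '\0' || errno != 0) {
        *why = "expected base:count";
        return -1;
    }
    if (base < 1 || base >= PUNCH_MAX_RULE) {
        *why = "base must be between 1 and the default rule";
        return -1;
    }
    if (count < 1) {
        *why = "count must be positive";
        return -1;
    }
    /* Overflow-safe form of: base + count - 1 >= PUNCH_MAX_RULE */
    if (count > PUNCH_MAX_RULE - base) {
        *why = "range would reach or pass the default rule";
        return -1;
    }
    out->base = base;
    out->count = count;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the two ranges from the thread. */
    const char *args[] = { "50000:10000", "50000:60000" };
    struct punch_range r;
    const char *why;

    for (int i = 0; i < 2; i++) {
        if (parse_punch_fw(args[i], &r, &why) == 0)
            printf("%s: ok, rules %ld..%ld\n", args[i], r.base, r.base + r.count - 1);
        else
            printf("%s: rejected (%s)\n", args[i], why);
    }
    /* Where the bad range would have landed without the check. */
    printf("50000+60000-1 in 16 bits = %u\n",
           (unsigned)wrapped_rule_number(50000L + 60000L - 1));
    return 0;
}
```

The check is written as `count > PUNCH_MAX_RULE - base` rather than `base + count - 1 >= PUNCH_MAX_RULE` so that a huge count cannot overflow the addition and slip past the comparison; the same shape works unchanged if the constant is later replaced by a value read from a sysctl, as Luigi suggests.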
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"