
Add two new options to "ipfw table <NAME> create" to simplify firewall reload
Needs ReviewPublic

Authored by lev on Nov 26 2018, 12:33 PM.

Details

Summary

Currently it is very hard to reload (with service ipfw restart and such) a firewall which uses tables and has create table NAME commands, as these commands will fail because the tables already exist. And delete table NAME will fail on the first firewall load, as the tables do not exist yet.

This patch adds two new options for the create table command:

  • missing — this option suppresses the EEXISTS error, but checks that the existing table has the same parameters as the new one.
  • or-flush — this option implies missing and additionally flushes the table if it exists.
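
The create behaviour the summary describes, modelled in user-space C as an added example (not code from this patch or from ipfw). The table registry, the option constants, the single compared parameter (type) and the EINVAL returned on a parameter mismatch are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: these names are illustrative, not taken from ipfw. */
enum { OPT_MISSING = 1, OPT_OR_FLUSH = 2 };
#define NTABLES 8
struct table {
    int used, nentries;        /* nentries stands in for the table contents */
    char name[32], type[16];   /* type is the one parameter compared here */
};
static struct table tables[NTABLES];
static struct table *find_table(const char *name)
{
    for (int i = 0; i < NTABLES; i++)
        if (tables[i].used && strcmp(tables[i].name, name) == 0)
            return &tables[i];
    return NULL;
}

/* Returns 0 on success or an errno value. */
static int table_create(const char *name, const char *type, int opts)
{
    struct table *t = find_table(name);
    if (t != NULL) {
        if ((opts & (OPT_MISSING | OPT_OR_FLUSH)) == 0)
            return EEXIST;      /* plain create fails on reload */
        if (strcmp(t->type, type) != 0)
            return EINVAL;      /* assumed errno for a parameter mismatch */
        if (opts & OPT_OR_FLUSH)
            t->nentries = 0;    /* or-flush: keep the table, drop its entries */
        return 0;
    }
    for (int i = 0; i < NTABLES; i++) {
        if (tables[i].used)
            continue;
        tables[i].used = 1;     /* nentries is already 0 (static storage) */
        snprintf(tables[i].name, sizeof(tables[i].name), "%s", name);
        snprintf(tables[i].type, sizeof(tables[i].type), "%s", type);
        return 0;
    }
    return ENOSPC;              /* limit of this model, not an ipfw behaviour */
}

int main(void)
{
    int first = table_create("blocked", "addr", OPT_MISSING);
    int again = table_create("blocked", "addr", OPT_MISSING);
    printf("first load: %d, reload: %d\n", first, again);
}
```

In this model a reload with missing keeps whatever entries the table already holds, while or-flush empties it, and both refuse a table whose parameters differ from the existing one.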


Event Timeline

lev created this revision. Nov 26 2018, 12:33 PM
mizhka_gmail.com requested changes to this revision. Nov 26 2018, 11:21 PM
mizhka_gmail.com added a subscriber: mizhka_gmail.com.
mizhka_gmail.com added inline comments.
ipfw/ipfw.8
2121–2139 ↗(On Diff #51113)

Bump date of man doc?

ipfw/tables.c
328–331 ↗(On Diff #51113)

Should be tabs instead of spaces

500 ↗(On Diff #51113)

(flush != 0)
better to follow same style over whole code ;)

This revision now requires changes to proceed. Nov 26 2018, 11:21 PM
lev updated this revision to Diff 51163. Nov 27 2018, 11:54 AM

Address comments by @mizhka_gmail.com

lev marked 3 inline comments as done. Nov 27 2018, 11:55 AM