Allow overriding of net.inet.ip.fw.verbose_limit; if you want to make a

rule that logs without a log limit, use "logamount 0" in addition to "log".
This commit is contained in:
Brian Feldman 2000-04-30 06:44:11 +00:00
parent 2ba118a15e
commit 0f95689794
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=59775
2 changed files with 15 additions and 7 deletions

View File

@ -422,13 +422,19 @@ If the kernel was compiled with the
.Dv IPFIREWALL_VERBOSE_LIMIT
option, then by default logging will cease after the number
of packets specified by the option are received for that
particular chain entry.
particular chain entry, and
.Em net.inet.ip.fw.verbose_limit
will be set to that number.
However, if
.Cm logamount Ar number
is used, that
.Ar number
will be the default logging limit rather than
.Dv IPFIREWALL_VERBOSE_LIMIT .
will be the logging limit rather than
.Em net.inet.ip.fw.verbose_limit ,
where the value
.Dq 0
removes the logging limit.
.Dv
Logging may then be re-enabled by clearing the logging counter
or the packet counter for that entry.
.Pp

View File

@ -1412,9 +1412,10 @@ add(ac,av)
if (!ac)
show_usage("``logamount'' requires argument");
rule.fw_logamount = atoi(*av);
if (rule.fw_logamount <= 0)
show_usage("``logamount'' argument must be greater "
"than 0");
if (rule.fw_logamount < 0)
show_usage("``logamount'' argument must be positive");
if (rule.fw_logamount == 0)
rule.fw_logamount = -1;
ac--; av++;
}
@ -1685,7 +1686,8 @@ add(ac,av)
&rule.fw_logamount, &len, NULL, 0) == -1)
errx(1, "sysctlbyname(\"%s\")",
"net.inet.ip.fw.verbose_limit");
}
} else if (rule.fw_logamount == -1)
rule.fw_logamount = 0;
rule.fw_loghighest = rule.fw_logamount;
}
done: