Stop ipfw from aborting when asked to delete a table entry that

doesn't exist or add one that is already present, if the -q flag is set. Useful for "ipfw -q /dev/stdin" when the command above is invoked from something like python or TCL to feed commands down the throat of ipfw. MFC in: 1 week
svn path=/head/; revision=155639
2006-02-14 03:10:29 +00:00 · 2006-02-14 03:10:29 +00:00 · 21899082ae · 2020-12-20 02:59:44 +00:00
commit 21899082ae
parent 085a0d43ca
2 changed files with 13 additions and 1 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -232,7 +232,8 @@ commands in a script
 .Ql sh\ /etc/rc.firewall ) ,
 or by processing a file of many
 .Nm
-rules across a remote login session.
+rules across a remote login session. It also stops a table add or delete
+from failing if the entry already exists or is not present.
 If a
 .Cm flush
 is performed in normal (verbose) mode (with the default kernel
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@ -4815,6 +4815,17 @@ table_handler(int ac, char *av[])
 			ent.value = 0;
 		if (do_cmd(do_add ? IP_FW_TABLE_ADD : IP_FW_TABLE_DEL,
 		    &ent, sizeof(ent)) < 0)
+			/* If running silent, don't bomb out on these errors. */
+			if (!(do_quiet && (errno == (do_add ? EEXIST : ESRCH))))
+				err(EX_OSERR, "setsockopt(IP_FW_TABLE_%s)",
+				    do_add ? "ADD" : "DEL");
+			/* In silent mode, react to a failed add by deleting */
+			if (do_add)
+				do_cmd(IP_FW_TABLE_DEL, &ent, sizeof(ent));
+				if (do_cmd(IP_FW_TABLE_ADD,
+				    &ent, sizeof(ent)) < 0)
+					err(EX_OSERR,
+				            "setsockopt(IP_FW_TABLE_ADD)");
 			err(EX_OSERR, "setsockopt(IP_FW_TABLE_%s)",
 			    do_add ? "ADD" : "DEL");
 	} else if (_substrcmp(*av, "flush") == 0) {