From 21899082aec753c4d35a104dcad3e63d4471ee2c Mon Sep 17 00:00:00 2001
From: Julian Elischer
Date: Tue, 14 Feb 2006 03:10:29 +0000
Subject: [PATCH] Stop ipfw from aborting when asked to delete a table entry that doesn't exist or add one that is already present, if the -q flag is set. Useful for "ipfw -q /dev/stdin" when the command above is invoked from something like python or TCL to feed commands down the throat of ipfw. MFC in: 1 week
---
 sbin/ipfw/ipfw.8 | 3 ++-
 sbin/ipfw/ipfw2.c | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 8ba94e03823c..911af5c81977 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -232,7 +232,8 @@ commands in a script
 .Ql sh\ /etc/rc.firewall ) ,
 or by processing a file of many
 .Nm
-rules across a remote login session.
+rules across a remote login session. It also stops a table add or delete
+from failing if the entry already exists or is not present.
 If a
 .Cm flush
 is performed in normal (verbose) mode (with the default kernel
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 13e1df365d97..f88ce70c5e96 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -4815,6 +4815,17 @@ table_handler(int ac, char *av[])
 ent.value = 0;
 if (do_cmd(do_add ? IP_FW_TABLE_ADD : IP_FW_TABLE_DEL,
 &ent, sizeof(ent)) < 0)
+ /* If running silent, don't bomb out on these errors. */
+ if (!(do_quiet && (errno == (do_add ? EEXIST : ESRCH))))
+ err(EX_OSERR, "setsockopt(IP_FW_TABLE_%s)",
+ do_add ? "ADD" : "DEL");
+ /* In silent mode, react to a failed add by deleting */
+ if (do_add)
+ do_cmd(IP_FW_TABLE_DEL, &ent, sizeof(ent));
+ if (do_cmd(IP_FW_TABLE_ADD,
+ &ent, sizeof(ent)) < 0)
+ err(EX_OSERR,
+ "setsockopt(IP_FW_TABLE_ADD)");
 err(EX_OSERR, "setsockopt(IP_FW_TABLE_%s)",
 do_add ? "ADD" : "DEL");
 } else if (_substrcmp(*av, "flush") == 0) {
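Review bot: The statements added after `if (do_cmd(...) < 0)` in the ipfw2.c hunk have no braces (indentation is lost on this page, but no `{`/`}` tokens appear among the added lines), so only the first added `if (!(do_quiet && ...)) err(...)` is governed by the failure test. As written, the `if (do_add)` delete, the second `IP_FW_TABLE_ADD` and the original `err(EX_OSERR, ...)` kept as trailing context would run on every call, so a table add or delete appears to exit with an error even when the first setsockopt succeeded, and a delete request would be followed by an add. Bracing the failure path and the `do_add` branch, and dropping the trailing unconditional `err()`, restores the behaviour the commit message describes. Because this maintains a firewall table, also note that the delete-then-add replacement is not atomic, so the entry is briefly absent and rules matching on it do not apply during that window, and that the return value of the inner `do_cmd(IP_FW_TABLE_DEL, ...)` is ignored. table_handler's body starts and ends outside the hunk.

```c
if (do_cmd(do_add ? IP_FW_TABLE_ADD : IP_FW_TABLE_DEL,
    &ent, sizeof(ent)) < 0) {
	/* … unchanged: quiet-mode EEXIST/ESRCH check that calls err() otherwise … */
	/* In silent mode, react to a failed add by deleting */
	if (do_add) {
		if (do_cmd(IP_FW_TABLE_DEL, &ent, sizeof(ent)) < 0)
			err(EX_OSERR, "setsockopt(IP_FW_TABLE_DEL)");
		if (do_cmd(IP_FW_TABLE_ADD, &ent, sizeof(ent)) < 0)
			err(EX_OSERR, "setsockopt(IP_FW_TABLE_ADD)");
	}
}
/* trailing unconditional err(EX_OSERR, "setsockopt(IP_FW_TABLE_%s)", ...) removed */
```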