Add a flag to "ipfw show" which supresses the display of dynamic

rules.  Also, don't show dynamic rules if you only asked to see a
certain rule number.

PR:		18550
Submitted by:	Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Approved by:	luigi
MFC after:	2 weeks

sbin/ipfw/ipfw.8

@@ -28,7 +28,7 @@
 .Op Ar number ...
 .Nm
 .Op Fl s Op Ar field
-.Op Fl aftN
+.Op Fl adftN
 .Es \&{ \&}
 .En Cm list | show
 .Op Ar number ...
@@ -153,6 +153,8 @@ While listing, show counter values.
 See also the
 .Cm show
 command.
+.It Fl d
+While listing, do not print the dynamic rules.
 .It Fl f
 Don't ask for confirmation for commands that can cause problems
 if misused,

sbin/ipfw/ipfw.c

@@ -66,6 +66,7 @@ int 		s,				/* main RAW socket 	   */
 		do_force,			/* Don't ask for confirmation */
 		do_pipe,			/* this cmd refers to a pipe */
 		do_sort,			/* field to sort results (0=no) */
+		do_dynamic = 1,			/* display dynamic rules */
 		verbose;
 
 struct icmpcode {
@@ -776,6 +777,7 @@ list(ac, av)
 				warnx("invalid rule number: %s", *(av - 1));
 				continue;
 			}
+			do_dynamic = 0;
 			for (seen = n = 0; n < num; n++) {
 				struct ip_fw *const r = &rules[n];
 
@@ -799,7 +801,7 @@ list(ac, av)
         /*
          * show dynamic rules
          */
-        if (num * sizeof (rules[0]) != nbytes ) {
+        if (do_dynamic && num * sizeof (rules[0]) != nbytes ) {
             struct ipfw_dyn_rule *d =
                     (struct ipfw_dyn_rule *)&rules[num] ;
             struct in_addr a ;
@@ -2254,7 +2256,7 @@ ipfw_main(ac,av)
 	do_force = !isatty(STDIN_FILENO);
 
 	optind = optreset = 1;
-	while ((ch = getopt(ac, av, "s:afqtvN")) != -1)
+	while ((ch = getopt(ac, av, "s:adfqtvN")) != -1)
 	switch(ch) {
 		case 's': /* sort */
 			do_sort= atoi(optarg);
@@ -2262,6 +2264,9 @@ ipfw_main(ac,av)
 		case 'a':
 			do_acct=1;
 			break;
+		case 'd':
+			do_dynamic=0;
+			break;
 		case 'f':
 			do_force=1;
 			break;