From 7d4b2d52448bbf32924838d1f00e9bd0e350855d Mon Sep 17 00:00:00 2001 From: "Andrey V. Elsukov" Date: Tue, 25 Jun 2019 09:11:22 +0000 Subject: [PATCH] Mark default rule with IPFW_RULE_NOOPT flag, so it can be showed in compact form. MFC after: 1 week --- sys/netpfil/ipfw/ip_fw2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 6796ad81611d..f8bd4dea1d61 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -3364,6 +3364,7 @@ vnet_ipfw_init(const void *unused) /* fill and insert the default rule */ rule = ipfw_alloc_rule(chain, sizeof(struct ip_fw)); + rule->flags |= IPFW_RULE_NOOPT; rule->cmd_len = 1; rule->cmd[0].len = 1; rule->cmd[0].opcode = default_to_accept ? O_ACCEPT : O_DENY;