Add a -b flag to /sbin/ipfw to print only action and comment for each

rule, thus omitting the entire body. This makes the output a lot more readable for complex rulesets (provided, of course, you have annotated your ruleset appropriately!) MFC after: 3 days
2003-12-12 16:14:28 +00:00 · 2003-12-12 16:14:28 +00:00 · ac6cec512b
commit ac6cec512b
parent 8a1a55ec29
2 changed files with 24 additions and 2 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -205,6 +205,10 @@ While listing, show counter values.
 The
 .Cm show
 command just implies this option.
+.It Fl b
+Only show the action and the comment, not the body of a rule.
+Implies
+.Fl c .
 .It Fl c
 When entering or showing rules, print them in compact form,
 i.e. without the optional "ip from any to any" string
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@ -65,6 +65,7 @@ int
 		do_compact,		/* show rules in compact mode */
 		show_sets,		/* display rule sets */
 		test_only,		/* only check syntax */
+		comment_only,		/* only print action and comment */
 		verbose;

 #define	IP_MASK_ALL	0xffffffff
@ -850,6 +851,8 @@ print_icmptypes(ipfw_insn_u32 *cmd)
 static void
 show_prerequisites(int *flags, int want, int cmd)
 {
+	if (comment_only)
+		return;
 	if ( (*flags & HAVE_IP) == HAVE_IP)
 		*flags |= HAVE_OPTIONS;

@ -1030,11 +1033,21 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
 		flags |= HAVE_IP | HAVE_OPTIONS;
 	}

+	if (comment_only)
+		comment = "...";
+
        for (l = rule->act_ofs, cmd = rule->cmd ;
 			l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) {
 		/* useful alias */
 		ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd;

+		if (comment_only) {
+			if (cmd->opcode != O_NOP)
+				continue;
+			printf(" // %s\n", (char *)(cmd + 1));
+			return;
+		}
+
 		show_prerequisites(&flags, 0, cmd->opcode);

 		switch(cmd->opcode) {
@ -1840,7 +1853,7 @@ help(void)
 {
 	fprintf(stderr,
 "ipfw syntax summary (but please do read the ipfw(8) manpage):\n"
-"ipfw [-acdeftTnNpqS] <command> where <command> is one of:\n"
+"ipfw [-abcdefhnNqStTv] <command> where <command> is one of:\n"
 "add [num] [set N] [prob x] RULE-BODY\n"
 "{pipe|queue} N config PIPE-BODY\n"
 "[pipe|queue] {zero|delete|show} [N{,N}]\n"
@ -3672,12 +3685,17 @@ ipfw_main(int oldac, char **oldav)
 	save_av = av;

 	optind = optreset = 0;
-	while ((ch = getopt(ac, av, "acdefhnNqs:STtv")) != -1)
+	while ((ch = getopt(ac, av, "abcdefhnNqs:STtv")) != -1)
 		switch (ch) {
 		case 'a':
 			do_acct = 1;
 			break;

+		case 'b':
+			comment_only = 1;
+			do_compact = 1;
+			break;
+
 		case 'c':
 			do_compact = 1;
 			break;