From ac6cec512bc867d6344ccc388763b52662dc8c51 Mon Sep 17 00:00:00 2001
From: Luigi Rizzo <luigi@FreeBSD.org>
Date: Fri, 12 Dec 2003 16:14:28 +0000
Subject: [PATCH] Add a -b flag to /sbin/ipfw to print only action and comment
 for each rule, thus omitting the entire body. This makes the output a lot
 more readable for complex rulesets (provided, of course, you have annotated
 your ruleset appropriately!)

MFC after: 3 days
---
 sbin/ipfw/ipfw.8  |  4 ++++
 sbin/ipfw/ipfw2.c | 22 ++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 7d64d65593de..cc60303bc0bb 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -205,6 +205,10 @@ While listing, show counter values.
 The
 .Cm show
 command just implies this option.
+.It Fl b
+Only show the action and the comment, not the body of a rule.
+Implies
+.Fl c .
 .It Fl c
 When entering or showing rules, print them in compact form,
 i.e. without the optional "ip from any to any" string
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 7597ebdc4ce1..6a151e750cff 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -65,6 +65,7 @@ int
 		do_compact,		/* show rules in compact mode */
 		show_sets,		/* display rule sets */
 		test_only,		/* only check syntax */
+		comment_only,		/* only print action and comment */
 		verbose;
 
 #define	IP_MASK_ALL	0xffffffff
@@ -850,6 +851,8 @@ print_icmptypes(ipfw_insn_u32 *cmd)
 static void
 show_prerequisites(int *flags, int want, int cmd)
 {
+	if (comment_only)
+		return;
 	if ( (*flags & HAVE_IP) == HAVE_IP)
 		*flags |= HAVE_OPTIONS;
 
@@ -1030,11 +1033,21 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
 		flags |= HAVE_IP | HAVE_OPTIONS;
 	}
 
+	if (comment_only)
+		comment = "...";
+
         for (l = rule->act_ofs, cmd = rule->cmd ;
 			l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) {
 		/* useful alias */
 		ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd;
 
+		if (comment_only) {
+			if (cmd->opcode != O_NOP)
+				continue;
+			printf(" // %s\n", (char *)(cmd + 1));
+			return;
+		}
+
 		show_prerequisites(&flags, 0, cmd->opcode);
 
 		switch(cmd->opcode) {
@@ -1840,7 +1853,7 @@ help(void)
 {
 	fprintf(stderr,
 "ipfw syntax summary (but please do read the ipfw(8) manpage):\n"
-"ipfw [-acdeftTnNpqS] <command> where <command> is one of:\n"
+"ipfw [-abcdefhnNqStTv] <command> where <command> is one of:\n"
 "add [num] [set N] [prob x] RULE-BODY\n"
 "{pipe|queue} N config PIPE-BODY\n"
 "[pipe|queue] {zero|delete|show} [N{,N}]\n"
@@ -3672,12 +3685,17 @@ ipfw_main(int oldac, char **oldav)
 	save_av = av;
 
 	optind = optreset = 0;
-	while ((ch = getopt(ac, av, "acdefhnNqs:STtv")) != -1)
+	while ((ch = getopt(ac, av, "abcdefhnNqs:STtv")) != -1)
 		switch (ch) {
 		case 'a':
 			do_acct = 1;
 			break;
 
+		case 'b':
+			comment_only = 1;
+			do_compact = 1;
+			break;
+
 		case 'c':
 			do_compact = 1;
 			break;