Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour. PR: 30255 Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk> Reviewed by: phk MFC after: 4 weeks
parent
b35708db5b
commit
10fe9ee3d2
@ -31,6 +31,7 @@
|
||||
.Op Fl log_denied
|
||||
.Op Fl log_facility Ar facility_name
|
||||
.Op Fl punch_fw Ar firewall_range
|
||||
.Op Fl log_ipfw_denied
|
||||
.Ek
|
||||
.Sh DESCRIPTION
|
||||
This program provides a Network Address Translation facility for use
|
||||
@ -461,6 +462,8 @@ rules starting from the rule number
|
||||
.Ar basenumber
|
||||
will be used for punching firewall holes.
|
||||
The range will be cleared for all rules on startup.
|
||||
.It Fl log_ipfw_denied
|
||||
Log when a packet can't be re-injected because a ipfw rule deny it.
|
||||
.El
|
||||
.Sh RUNNING NATD
|
||||
The following steps are necessary before attempting to run
|
||||
|
@ -126,6 +126,7 @@ static int packetDirection;
|
||||
static int dropIgnoredIncoming;
|
||||
static int logDropped;
|
||||
static int logFacility;
|
||||
static int log_ipfw_denied;
|
||||
|
||||
int main (int argc, char** argv)
|
||||
{
|
||||
@ -160,6 +161,7 @@ int main (int argc, char** argv)
|
||||
dynamicMode = 0;
|
||||
logDropped = 0;
|
||||
logFacility = LOG_DAEMON;
|
||||
log_ipfw_denied = 0;
|
||||
/*
|
||||
* Mark packet buffer empty.
|
||||
*/
|
||||
@ -614,7 +616,7 @@ static void FlushPacketBuffer (int fd)
|
||||
(struct ip*) packetBuf,
|
||||
ifMTU - aliasOverhead);
|
||||
}
|
||||
else {
|
||||
else if (errno == EACCES && log_ipfw_denied) {
|
||||
|
||||
sprintf (msgBuf, "failed to write packet back");
|
||||
Warn (msgBuf);
|
||||
@ -870,7 +872,8 @@ enum Option {
|
||||
ProxyRule,
|
||||
LogDenied,
|
||||
LogFacility,
|
||||
PunchFW
|
||||
PunchFW,
|
||||
LogIpfwDenied
|
||||
};
|
||||
|
||||
enum Param {
|
||||
@ -1088,7 +1091,15 @@ static struct OptionInfo optionTable[] = {
|
||||
"basenumber:count",
|
||||
"punch holes in the firewall for incoming FTP/IRC DCC connections",
|
||||
"punch_fw",
|
||||
NULL }
|
||||
NULL },
|
||||
|
||||
{ LogIpfwDenied,
|
||||
0,
|
||||
YesNo,
|
||||
"[yes|no]",
|
||||
"log packets converted by natd, but denied by ipfw",
|
||||
"log_ipfw_denied",
|
||||
NULL },
|
||||
};
|
||||
|
||||
static void ParseOption (const char* option, const char* parms)
|
||||
@ -1272,6 +1283,8 @@ static void ParseOption (const char* option, const char* parms)
|
||||
case PunchFW:
|
||||
SetupPunchFW(strValue);
|
||||
break;
|
||||
case LogIpfwDenied:
|
||||
log_ipfw_denied=1;
|
||||
}
|
||||
}
|
||||
|
||||
|
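Review bot: In the FlushPacketBuffer hunk, the new branch `else if (errno == EACCES && log_ipfw_denied) {` appears to replace the plain `else {`, so a write-back failure with any errno other than EACCES no longer reaches `Warn` at all, whether or not the option is set. That goes further than the commit message, which only promises to silence ipfw denials, and it removes the one syslog trace an operator has when re-injection fails for some other reason. Narrowing only the EACCES case keeps the other failures visible: `else if (errno != EACCES || log_ipfw_denied) {`. The page has lost its +/- markers, so the old and new sides are inferred from the hunk header counts, and the start of FlushPacketBuffer, including any earlier errno handling, lies outside the hunk.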