conf/96247: [patch] 550.ipfwlimit reports logs even if log
size is not limited.
Tsurutani Naoki
turutani at scphys.kyoto-u.ac.jp
Tue May 9 22:17:02 UTC 2006
> This is not a bug: if net.inet.ip.fw.verbose_limit=0 but rules
> specify a limit, this limit has the priority since it's a specific
> setting that overrides a general one.
I still think this is a bug.
When "log" keyword is set without "logamount" for each rule,
limit about this rule shoule not be set.
A value of 0 in "logamount" or net.inet.ip.fw.verbose_limit has
a special meaning of "no limit", as I think. Is this wrong ?
But my previous patch was wrong. Here is a new patch:
--- etc/periodic/security/550.ipfwlimit.orig Mon Apr 24 13:27:37 2006
+++ etc/periodic/security/550.ipfwlimit Wed May 10 07:00:10 2006
@@ -54,7 +54,7 @@
if ($2 > $7)
{print $0}
} else {
- if ($2 > limit)
+ if (limit != 0 && $2 > limit)
{print $0}}
}' > ${TMP}
More information about the freebsd-bugs
mailing list