svn commit: r337536 - head/sbin/ipfw

Thu Aug 9 17:32:13 UTC 2018

[ text/html is unsupported, treating like TEXT/PLAIN ]
Can you resend in none html format please?

> <br /><br />19:50, 9 Ð°Ð²Ð³ÑƒÑÑ‚Ð° 2018 Ð³., "Rodney W. Grimes" <freebsd at pdx.rh.cn85.dnsmgr.net>:<br /><blockquote><p>-- Start of PGP signed section.<br />[ Charset UTF-8 unsupported, converting... ]<br /></p><blockquote>Â On 09.08.2018 19:19, Rodney W. Grimes wrote:<br />Â >>>> table add/delete commands had the same behavior, "nat" already noted in<br />Â >>>> this list. What is the usage scenario do you use, where you need to fail<br />Â >>>> on bad delete?<br />Â >>><br />Â >>> if [ ipfw delete ${1} ]; then<br />Â >>> 	handle the missing rule<br />Â >>> fi<br />Â >><br />Â >> This is mostly unneeded operation, that we wanted to avoid.<br />Â >> I.e. to be able run in bath mode:<br />Â >><br />Â >> delete ${n}<br />Â >> add ${n} ...<br />Â > <br />Â > That is one use case, but any shell script worth writting<br />Â > is worth writting to handle error conditions, and not being<br />Â > able to handle errors while being silent is a PITA.<br /><br />Â Ok, I still don't understand the usefulness of knowing the error<br />Â code of delete command. But, I can propose the following solution:<br />Â Index: ipfw2.c<br />Â ===================================================================<br />Â --- ipfw2.c	(revision 337541)<br />Â +++ ipfw2.c	(working copy)<br />Â @@ -3314,7 +3314,7 @@ ipfw_delete(char *av[])<br />Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â }<br />Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â }<br />Â Â Â Â Â Â Â Â Â Â }<br />Â -	if (exitval != EX_OK && co.do_quiet == 0)<br />Â +	if (exitval != EX_OK && co.do_force == 0)<br />Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â exit(exitval);<br />Â Â }<br /><br /><br />Â With this patch -q will work as "quiet", -f will work as "force".<br />Â So, you can still get error code in shell script, and I can run batched<br />Â commands with -q -f:<br /><br />Â # ipfw -f delete <span>10000-11000</span> ; echo $?<br />Â ipfw: no rules rules in <span>10000-11000</span> range<br />Â 0<br />Â # ipfw -qf delete <span>10000-11000</span> ; echo $?<br />Â 0<br />Â # ipfw -q delete <span>10000-11000</span> ; echo $?<br />Â 69<br /><br />Â Are you fine with this?<br /></blockquote><p>In spirit yes, in implementation No:<br /><br />The -f option is documented, and actually does, something different<br />than what your change would implement.<br /><br />Â Â Â Â Â -f      Do not ask for confirmation for commands that can cause problems<br />Â Â Â Â Â Â Â Â Â Â Â Â Â if misused, i.e., flush.  If there is no tty associated with the<br />Â Â Â Â Â Â Â Â Â Â Â Â Â process, this is implied.<br /></p></blockquote>But this option means "force", with -f ipfw(8) will not ask any questions and forcebly execute the command. The description in man page can be modified to correctly describe the case.Â <br /><br />ÐžÑ‚Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¾ Ð¸Ð· Ð¼Ð¾Ð±Ð¸Ð»ÑŒÐ½Ð¾Ð¹ Ð¯Ð½Ð´ÐµÐºÑ.ÐŸÐ¾Ñ‡Ñ‚Ñ‹: http://m.ya.ru/ymail
-- 
Rod Grimes                                                 rgrimes at freebsd.org