author: Josef Karthauser <joe@FreeBSD.org> 2001-10-27 23:05:48 +0000
committer: Josef Karthauser <joe@FreeBSD.org> 2001-10-27 23:05:48 +0000
commit: 1e88a1f3ec4f3f16ac5464ca8a02c59b626de5ac (patch)
tree: ff3554b14257da99b9a7ad7a121502b53c4c13a5
parent: 0bba27a334995b0fecfb413729f5e3fd0f41ab6f (diff)
2 files changed, 24 insertions, 3 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 5b9d0450740d..03ec3b9c7f84 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -28,7 +28,7 @@
 .Op Ar number ...
 .Nm
 .Op Fl s Op Ar field
-.Op Fl aftN
+.Op Fl adeftN
 .Es \&{ \&}
 .En Cm list | show
 .Op Ar number ...
@@ -153,6 +153,12 @@ While listing, show counter values.
 See also the
 .Cm show
 command.
+.It Fl d
+While listing, show dynamic rules in addition to static ones.
+.It Fl e
+While listing, if the
+.Fl d
+option was specified, also show expired dynamic rules.
 .It Fl f
 Don't ask for confirmation for commands that can cause problems
 if misused,
diff --git a/sbin/ipfw/ipfw.c b/sbin/ipfw/ipfw.c
index 79a292710210..25c08c7a8531 100644
--- a/sbin/ipfw/ipfw.c
+++ b/sbin/ipfw/ipfw.c
@@ -66,6 +66,8 @@ int		s,			/* main RAW socket	   */
 		do_force,		/* Don't ask for confirmation */
 		do_pipe,		/* this cmd refers to a pipe */
 		do_sort,		/* field to sort results (0 = no) */
+		do_dynamic,		/* display dynamic rules */
+		do_expired,		/* display expired dynamic rules */
 		verbose;
 
 struct icmpcode {
@@ -741,6 +743,7 @@ list(ac, av)
 				warnx("invalid rule number: %s", *(av - 1));
 				continue;
 			}
+			do_dynamic = 0;
 			for (seen = n = 0; n < num; n++) {
 				struct ip_fw *const r = &rules[n];
 
@@ -764,7 +767,7 @@ list(ac, av)
 	/*
 	 * show dynamic rules
 	*/
-	if (num * sizeof (rules[0]) != nbytes) {
+	if (do_dynamic && num * sizeof (rules[0]) != nbytes) {
 		struct ipfw_dyn_rule *d =
 		    (struct ipfw_dyn_rule *)&rules[num];
 		struct in_addr a;
@@ -772,6 +775,12 @@ list(ac, av)
 
             printf("## Dynamic rules:\n");
             for (;; d++) {
+		if (d->expire == 0 && !do_expired) {
+			if (d->next == NULL)
+				break;
+			continue;
+		}
+
                 printf("%05d %qu %qu (T %d, # %d) ty %d",
                     (int)(d->chain),
                     d->pcnt, d->bcnt,
@@ -2092,7 +2101,7 @@ ipfw_main(ac, av)
 	do_force = !isatty(STDIN_FILENO);
 
 	optind = optreset = 1;
-	while ((ch = getopt(ac, av, "s:afqtvN")) != -1)
+	while ((ch = getopt(ac, av, "s:adefqtvN")) != -1)
 	switch(ch) {
 		case 's': /* sort */
 			do_sort= atoi(optarg);
@@ -2100,6 +2109,12 @@ ipfw_main(ac, av)
 		case 'a':
 			do_acct = 1;
 			break;
+		case 'd':
+			do_dynamic = 1;
+			break;
+		case 'e':
+			do_expired = 1;
+			break;
 		case 'f':
 			do_force = 1;
 			break;
author	Josef Karthauser <joe@FreeBSD.org>	2001-10-27 23:05:48 +0000
committer	Josef Karthauser <joe@FreeBSD.org>	2001-10-27 23:05:48 +0000
commit	1e88a1f3ec4f3f16ac5464ca8a02c59b626de5ac (patch)
tree	ff3554b14257da99b9a7ad7a121502b53c4c13a5
parent	0bba27a334995b0fecfb413729f5e3fd0f41ab6f (diff)