Allow overriding of net.inet.ip.fw.verbose_limit; if you want to make a

rule that logs without a log limit, use "logamount 0" in addition to "log".
svn path=/head/; revision=59775
2024-12-04 03:49:02 +00:00 · 2000-04-30 06:44:11 +00:00 · 2000-04-30 06:44:11 +00:00 · 0f95689794 · 2020-12-20 02:59:44 +00:00
commit 0f95689794
parent 2ba118a15e
2 changed files with 15 additions and 7 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -422,13 +422,19 @@ If the kernel was compiled with the
 .Dv IPFIREWALL_VERBOSE_LIMIT
 option, then by default logging will cease after the number
 of packets specified by the option are received for that
-particular chain entry.
+particular chain entry, and
+.Em net.inet.ip.fw.verbose_limit
+will be set to that number.
 However, if
 .Cm logamount Ar number
 is used, that
 .Ar number
-will be the default logging limit rather than
-.Dv IPFIREWALL_VERBOSE_LIMIT .
+will be the logging limit rather than
+.Em net.inet.ip.fw.verbose_limit ,
+where the value
+.Dq 0
+removes the logging limit.
+.Dv
 Logging may then be re-enabled by clearing the logging counter
 or the packet counter for that entry.
 .Pp
--- a/sbin/ipfw/ipfw.c
+++ b/sbin/ipfw/ipfw.c
@ -1412,9 +1412,10 @@ add(ac,av)
 		if (!ac)
 			show_usage("``logamount'' requires argument");
 		rule.fw_logamount = atoi(*av);
-		if (rule.fw_logamount <= 0)
-			show_usage("``logamount'' argument must be greater "
-			    "than 0");
+		if (rule.fw_logamount < 0)
+			show_usage("``logamount'' argument must be positive");
+		if (rule.fw_logamount == 0)
+			rule.fw_logamount = -1;
 		ac--; av++;
 	}

@ -1685,7 +1686,8 @@ badviacombo:
 			    &rule.fw_logamount, &len, NULL, 0) == -1)
 				errx(1, "sysctlbyname(\"%s\")",
 				    "net.inet.ip.fw.verbose_limit");
-		}
+		} else if (rule.fw_logamount == -1)
+			rule.fw_logamount = 0;
 		rule.fw_loghighest = rule.fw_logamount;
 	}
 done: