On 21:45:37 Dec 02, Henning Brauer wrote:
> * MikeM <[EMAIL PROTECTED]> [2007-12-02 15:35]:
> > When I run the command
> > 
> >  pfctl -sr
> > 
> > a list of the rules is displayed, a sample line is below.
> > 
> >   pass in log quick on fxp0 inet proto tcp from 226.174.167.164 to
> > (fxp0) port = smtp flags S/FSRA keep state
> > 
> > 
> > Is there a way for me to tell pfctl that I want to see
> > 
> >   port = 25
> > 
> > instead of
> > 
> >   port = smtp
> > 
> > ?
> 
> short of hacking pfctl source, no.
> 

As per your request I have added the "-P" switch to pfctl to display
numeric port numbers instead of service names for those who desire the
same.

Please find attached the diff.

I have modified the man page as well.

To have ports displayed numerically, pass the -P option in addition to
your other options. Everything else works as before.

-Girish
? y.output
? y.tab.c
Index: pfctl.8
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
retrieving revision 1.133
diff -u -r1.133 pfctl.8
--- pfctl.8     2007/07/01 11:38:51     1.133
+++ pfctl.8     2007/12/03 01:59:39
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: July 1 2007 $
 .Dt PFCTL 8
 .Os
 .Sh NAME
@@ -33,7 +33,7 @@
 .Sh SYNOPSIS
 .Nm pfctl
 .Bk -words
-.Op Fl AdeghmNnOqRrvz
+.Op Fl AdeghmNnOPqRrvz
 .Op Fl a Ar anchor
 .Oo Fl D Ar macro Ns =
 .Ar value Oc
@@ -315,6 +315,8 @@
 .Ar device
 instead of the default
 .Pa /dev/pf .
+.It Fl P 
+Print numeric ports instead of standard service names
 .It Fl q
 Only print errors and warnings.
 .It Fl R
Index: pfctl.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.272
diff -u -r1.272 pfctl.c
--- pfctl.c     2007/11/27 16:22:13     1.272
+++ pfctl.c     2007/12/03 01:59:42
@@ -226,7 +226,7 @@
 {
        extern char *__progname;
 
-       fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname);
+       fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname);
        fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
        fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] ");
        fprintf(stderr, "[-k host | network]\n");
@@ -821,7 +821,8 @@
                case PFCTL_SHOW_RULES:
                        if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
                                labels = 1;
-                       print_rule(&pr.rule, pr.anchor_call, rule_numbers);
+                       print_rule(&pr.rule, pr.anchor_call,
+                                rule_numbers, opts & PF_OPT_NUMERICPORTS);
                        printf("\n");
                        pfctl_print_rule_counters(&pr.rule, opts);
                        break;
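Review bot: The new fourth argument is passed as the raw mask result `opts & PF_OPT_NUMERICPORTS`, which is 0x8000 rather than 1 when the flag is set. That works with the `numeric == 0` test in print_port, but the value would silently become 0 if it were ever narrowed to an 8-bit type or compared against 1. Normalising it at the call, `(opts & PF_OPT_NUMERICPORTS) != 0`, keeps the flag a plain boolean; the same applies to the three other print_rule calls changed in this file. The existing `opts & PF_OPT_VERBOSE2` argument follows the same pattern, so this is a robustness suggestion rather than a bug.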
@@ -881,7 +882,8 @@
                        } else
                                p = &pr.anchor_call[0];
                
-                       print_rule(&pr.rule, p, rule_numbers);
+                       print_rule(&pr.rule, p, rule_numbers, 
+                               opts & PF_OPT_NUMERICPORTS );
                        if (brace)
                                printf(" {\n");
                        else
@@ -938,7 +940,8 @@
                                dotitle = 0;
                        }
                        print_rule(&pr.rule, pr.anchor_call,
-                           opts & PF_OPT_VERBOSE2);
+                           opts & PF_OPT_VERBOSE2, 
+                           opts & PF_OPT_NUMERICPORTS);
                        printf("\n");
                        pfctl_print_rule_counters(&pr.rule, opts);
                        pfctl_clear_pool(&pr.rule.rpool);
@@ -1305,7 +1308,8 @@
        if (pf->opts & PF_OPT_VERBOSE) {
                INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
                print_rule(r, r->anchor ? r->anchor->name : "",
-                   pf->opts & PF_OPT_VERBOSE2);
+                   pf->opts & PF_OPT_VERBOSE2, 
+                   pf->opts & PF_OPT_NUMERICPORTS);
        }
        path[len] = '\0';
        pfctl_clear_pool(&r->rpool);
@@ -1952,7 +1956,7 @@
                usage();
 
        while ((ch = getopt(argc, argv,
-           "a:AdD:eqf:F:ghi:k:K:mnNOo:p:rRs:t:T:vx:z")) != -1) {
+           "a:AdD:eqf:F:ghi:k:K:mnNOo:p:PrRs:t:T:vx:z")) != -1) {
                switch (ch) {
                case 'a':
                        anchoropt = optarg;
@@ -2041,6 +2045,10 @@
                case 'p':
                        pf_device = optarg;
                        break;
+               case 'P':
+                       opts |= PF_OPT_NUMERICPORTS;
+                       break;
+
                case 's':
                        showopt = pfctl_lookup_option(optarg, showopt_list);
                        if (showopt == NULL) {
Index: pfctl_parser.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
retrieving revision 1.235
diff -u -r1.235 pfctl_parser.c
--- pfctl_parser.c      2007/10/15 02:16:35     1.235
+++ pfctl_parser.c      2007/12/03 01:59:47
@@ -60,11 +60,11 @@
 #include "pfctl.h"
 
 void            print_op (u_int8_t, const char *, const char *);
-void            print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
+void            print_port (int, u_int8_t, u_int16_t, u_int16_t, const char *);
 void            print_ugid (u_int8_t, unsigned, unsigned, const char *, 
unsigned);
 void            print_flags (u_int8_t);
 void            print_fromto(struct pf_rule_addr *, pf_osfp_t,
-                   struct pf_rule_addr *, u_int8_t, u_int8_t, int);
+                   struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
 int             ifa_skip_if(const char *filter, struct node_host *p);
 
 struct node_host       *ifa_grouplookup(const char *, int);
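Review bot: print_port takes the new `numeric` flag as its first parameter, while print_fromto and print_rule in this patch append it last. Keeping one position, e.g. `void print_port(u_int8_t, u_int16_t, u_int16_t, const char *, int);`, makes the three signatures read alike and lowers the chance of swapping two integer arguments at a call site, which the compiler would not catch. The definition of print_port and both calls in print_fromto would change to match.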
@@ -316,7 +316,7 @@
 }
 
 void
-print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
+print_port(int numeric, u_int8_t op, u_int16_t p1, u_int16_t p2, const char 
*proto)
 {
        char             a1[6], a2[6];
        struct servent  *s;
@@ -327,7 +327,7 @@
        snprintf(a1, sizeof(a1), "%u", p1);
        snprintf(a2, sizeof(a2), "%u", p2);
        printf(" port");
-       if (s != NULL && (op == PF_OP_EQ || op == PF_OP_NE))
+       if (s != NULL && numeric == 0 && (op == PF_OP_EQ || op == PF_OP_NE))
                print_op(op, s->s_name, a2);
        else
                print_op(op, a1, a2);
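Review bot: With `numeric` set the value in `s` is never used, yet the service lookup that assigns it (above this hunk, not visible here) presumably still runs for every printed port. Guarding that assignment on `numeric == 0` and leaving `s` as NULL otherwise would let this condition stay as it was before the patch. The -P output would then be produced without consulting the services database at all. print_port's body begins before this hunk.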
@@ -359,7 +359,7 @@
 
 void
 print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr 
*dst,
-    sa_family_t af, u_int8_t proto, int verbose)
+    sa_family_t af, u_int8_t proto, int verbose, int numeric)
 {
        char buf[PF_OSFP_LEN*3];
        if (src->addr.type == PF_ADDR_ADDRMASK &&
@@ -378,7 +378,7 @@
                        printf("! ");
                print_addr(&src->addr, af, verbose);
                if (src->port_op)
-                       print_port(src->port_op, src->port[0],
+                       print_port(numeric, src->port_op, src->port[0],
                            src->port[1],
                            proto == IPPROTO_TCP ? "tcp" : "udp");
                if (osfp != PF_OSFP_ANY)
@@ -390,7 +390,7 @@
                        printf("! ");
                print_addr(&dst->addr, af, verbose);
                if (dst->port_op)
-                       print_port(dst->port_op, dst->port[0],
+                       print_port(numeric, dst->port_op, dst->port[0],
                            dst->port[1],
                            proto == IPPROTO_TCP ? "tcp" : "udp");
        }
@@ -660,7 +660,8 @@
 }
 
 void
-print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
+print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int
+numeric)
 {
        static const char *actiontypes[] = { "pass", "block", "scrub",
            "no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr" };
@@ -787,7 +788,7 @@
                        printf(" proto %u", r->proto);
        }
        print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
-           verbose);
+           verbose, numeric);
        if (r->uid.op)
                print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user",
                    UID_MAX);
Index: pfctl_parser.h
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.h,v
retrieving revision 1.87
diff -u -r1.87 pfctl_parser.h
--- pfctl_parser.h      2007/10/13 16:35:18     1.87
+++ pfctl_parser.h      2007/12/03 01:59:47
@@ -49,6 +49,7 @@
 #define PF_OPT_OPTIMIZE                0x0800
 #define PF_OPT_MERGE           0x2000
 #define PF_OPT_RECURSE         0x4000
+#define PF_OPT_NUMERICPORTS    0x8000
 
 #define PF_TH_ALL              0xFF
 
@@ -210,7 +211,7 @@
 
 void   print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
 void   print_src_node(struct pf_src_node *, int);
-void   print_rule(struct pf_rule *, const char *, int);
+void   print_rule(struct pf_rule *, const char *, int, int);
 void   print_tabledef(const char *, int, int, struct node_tinithead *);
 void   print_status(struct pf_status *, int);
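Review bot: print_rule's prototype changes in this shared header, so every caller must pass the new argument, but the patch updates only the four calls in pfctl.c. If any other file under sbin/pfctl calls print_rule (none is visible in this diff), it will fail to build, so a search across the directory before committing is worthwhile. A short comment above the prototype, such as `/* last argument: non-zero prints ports numerically */`, would document the new parameter.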
