Date: Wed, 8 Jan 2003 19:00:05 -0500 From: "Scott M. Nolde" <scott@smnolde.com> To: Gregory Bond <gnb@itga.com.au> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: Feature Request Message-ID: <20030109000005.GB15778@smnolde.com> In-Reply-To: <200301082231.JAA17004@lightning.itga.com.au> References: <200301082231.JAA17004@lightning.itga.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Gregory Bond(gnb@itga.com.au)@2003.01.09 09:31:43 +0000: > ?Has there been consideration to make a "relative skip" function > > > Any comments? > > Horrible idea. Rules can be added and deleted in the gap, which silently > changes the meaning of your firewall ruleset. A maintenance nightmare. > > And, as far as I can see, no redeeming features to compensate for the almost > certain foot-shooting this would allow. I don't see it that way. I work in process automation and in our modular programming language we have this capability to skip a number of "blocks" or "jump out" of the program. I understand that rules can be added and removed, but in most cases, once the ruleset is "stable" nothing much changes. Having a relative skip would help me since I have written a number of ipfw-based firewall scripts which could benefit from a relative skip. As you perceive it to become a maintenance nightmare, I see it as a potential benefit. -- Scott Nolde GPG Key 0xD869AB48 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030109000005.GB15778>