Date: Tue, 26 Dec 2006 12:18:51 +0200 (EET) From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> To: =?UTF-8?B?VsOhY2xhdiBIYWlzbWFu?= <V.Haisman@sh.cvut.cz> Cc: stable@freebsd.org, Kevin Downey <redchin@gmail.com>, Scott Ullrich <sullrich@gmail.com> Subject: Re: Duplicate IPFW rules Message-ID: <20061226120838.M28171@atlantis.atlantis.dp.ua> In-Reply-To: <458AEC99.1040003@sh.cvut.cz> References: <458AD815.3010601@sh.cvut.cz> <1d3ed48c0612211144s631e2cendbfcfb6acfae9ef1@mail.gmail.com> <458AE623.4070701@sh.cvut.cz> <d5992baf0612211205k5cc2c81dod95d448706396b96@mail.gmail.com> <458AEC99.1040003@sh.cvut.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! On Thu, 21 Dec 2006, Vclav Haisman wrote: >> One example feature is to be able to delete many rules at once. If >> you know that a specific rule number holds rules (example: time based >> rules) then the script has less work to do. Now granted since sets >> where introduced this can be done via this method but this feature has >> been useful (at least to me) for years and years now. >> >> Scott > Oh, I did not realise this use. Hmm...still, I thought that this is what > tables are for :) The ability to have several distinct ipfw rules with the same rule_number is also useful for the purposes of traffic accounting. Say, you should tally traffic received via some interface + traffic from the proxy-server together for some user: ipfw add 3000 count all from any to user in recv ext0 ipfw add 3000 count tcp from proxy 3128 to user out and just teach the traffic accounting utility to sum up byte counts for the rules with the same number. Very handy, and not doable via lookup tables. > VH Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061226120838.M28171>