Date:      Wed, 13 Sep 2006 08:23:25 +0400
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        "Jin Guojun [VFFS]" <j_guojun@lbl.gov>
Cc:        ipfw@freebsd.org
Subject:   Re: maximum deny entries?
Message-ID:  <450787BD.6050704@yandex.ru>
In-Reply-To: <4507539A.5000502@lbl.gov>
References:  <4507539A.5000502@lbl.gov>

Jin Guojun [VFFS] wrote:
> I am not sure if this is a bug or if there is some limitation on the
> total number of deny entries:
> when the deny list exceeds a certain length (36 lines in this case),
> ipfw stops working (see the *** line below).
> # ipfw list
> ...all non deny entries are removed
> 00361 deny ip from 202.124.17.215 to any
...
> 00364 deny ip from 71.135.96.85 to any
> 00364 deny ip from 71.135.41.68 to any
> 00364 deny ip from 71.135.35.252 to any
> 00364 deny ip from 71.135.178.215 to any

First, try ipfw logging rules for each rule
and at the end of the rules.
Second, you can use ipfw tables and replace
all your rules with one.

-- 
WBR, Andrey V. Elsukov
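
The two suggestions above, sketched as an added example that is not part of the original message: a shell function that reads `ipfw list` output and prints the commands to move per-address deny rules into one logged, table-based rule. Table number 1, rule number 360, the numeric `ipfw table N add` syntax and the sample ruleset are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread).
TABLE=1        # assumed: an unused table number
NEWRULE=360    # assumed: an unused rule number ahead of the old deny rules

# Constructed sample `ipfw list` output (RFC 5737 documentation addresses).
SAMPLE='00100 allow ip from any to any via lo0
00361 deny ip from 192.0.2.15 to any
00364 deny ip from 198.51.100.85 to any
00364 deny ip from 198.51.100.68 to any
00364 deny ip from 192.0.2.15 to any
65535 deny ip from any to any'

# Reads `ipfw list` output on stdin and prints (does not run) the commands.
deny_rules_to_table() {
    awk -v t="$TABLE" -v n="$NEWRULE" '
        # Only plain per-source rules: NNNNN deny ip from <addr> to any
        NF == 7 && $2 == "deny" && $3 == "ip" && $4 == "from" &&
        $6 == "to" && $7 == "any" && $5 != "any" && $5 !~ /^table\(/ {
            if (($1 + 0) == (n + 0)) clash = 1
            if (!seen_addr[$5]++) addr[++na] = $5          # de-duplicate sources
            if (!seen_rule[$1 + 0]++) rule[++nr] = $1 + 0  # old rule numbers
        }
        END {
            if (clash) {
                print "rule number " n " is already in use" | "cat 1>&2"
                exit 2
            }
            if (na == 0) exit 1   # nothing to convert
            for (i = 1; i <= na; i++)
                printf "ipfw table %s add %s\n", t, addr[i]
            # One logged rule replaces the whole list; add it before deleting.
            printf "ipfw add %s deny log ip from table(%s) to any\n", n, t
            for (i = 1; i <= nr; i++)
                printf "ipfw delete %d\n", rule[i]
        }'
}

printf '%s\n' "$SAMPLE" | deny_rules_to_table
```

Review the printed commands before running them; the new rule is added ahead of the deletions so the addresses stay blocked throughout.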