Date: Fri, 26 Jan 2007 03:28:21 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: "Dan Mahoney, System Admin" <danm@prime.gushi.org> Cc: freebsd-questions@freebsd.org Subject: Re: Problem with "ipfw flush" Message-ID: <Pine.BSF.3.96.1070126030400.6816A-100000@gaia.nimnet.asn.au> In-Reply-To: <20070125102330.F55095@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 25 Jan 2007, Dan Mahoney, System Admin wrote:
> On Fri, 26 Jan 2007, Ian Smith wrote:
>
> Excellent. I'll read up on this for a bit.
I've been reading man ipfw for years, but every time find something new :)
> I suppose my biggest confusion was as to why I could do:
>
> kldload ipfw && ipfw add 65000 allow ip from any to any
>
> but not
>
> ipfw flush && ipfw add 65000 allow ip from any to any
>
> Clearly, the devil is in the output being sent.
>
> Also, the manpage had -q and -f as mutually exclusive, and I missed the
> part about -q implying -f.
I guess the syntax 'ipfw [-f | -q] flush' does imply exclusivity, though
'ipfw -q -f flush' must work fine, when $fwcmd can be 'ipfw -q' ..
> There IS one other issue that I encountered. I have tables and pipes in
> play, and I believe a regular ipfw flush doesn't clear them. Is there a
> universal "reset EVERYTHING" command?
I'm yet to use tables or pipes so can't say, except to see ipfw(8) has:
ipfw table number flush
and
ipfw [-s [field]] {pipe | queue} {delete | list | show} [number ...]
Cheers, Ian
[..]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1070126030400.6816A-100000>