From owner-freebsd-questions@FreeBSD.ORG  Thu Jan 25 16:28:32 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D200916A403
	for <freebsd-questions@freebsd.org>;
	Thu, 25 Jan 2007 16:28:32 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143])
	by mx1.freebsd.org (Postfix) with ESMTP id 375E513C474
	for <freebsd-questions@freebsd.org>;
	Thu, 25 Jan 2007 16:28:30 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (smithi@localhost)
	by gaia.nimnet.asn.au (8.8.8/8.8.8R1.4) with SMTP id DAA08250;
	Fri, 26 Jan 2007 03:28:21 +1100 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Fri, 26 Jan 2007 03:28:21 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
In-Reply-To: <20070125102330.F55095@prime.gushi.org>
Message-ID: <Pine.BSF.3.96.1070126030400.6816A-100000@gaia.nimnet.asn.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-questions@freebsd.org
Subject: Re: Problem with "ipfw flush"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2007 16:28:32 -0000

On Thu, 25 Jan 2007, Dan Mahoney, System Admin wrote:

 > On Fri, 26 Jan 2007, Ian Smith wrote:
 > 
 > Excellent.  I'll read up on this for a bit.

I've been reading man ipfw for years, but every time find something new :)

 > I suppose my biggest confusion was as to why I could do:
 > 
 > kldload ipfw && ipfw add 65000 allow ip from any to any
 > 
 > but not
 > 
 > ipfw flush && ipfw add 65000 allow ip from any to any
 > 
 > Clearly, the devil is in the output being sent.
 > 
 > Also, the manpage had -q and -f as mutually exclusive, and I missed the 
 > part about -q implying -f.

I guess the syntax 'ipfw [-f | -q] flush' does imply exclusivity, though
'ipfw -q -f flush' must work fine, when $fwcmd can be 'ipfw -q' ..

 > There IS one other issue that I encountered.  I have tables and pipes in 
 > play, and I believe a regular ipfw flush doesn't clear them.  Is there a 
 > universal "reset EVERYTHING" command?

I'm yet to use tables or pipes so can't say, except to see ipfw(8) has:

  ipfw table number flush
and
  ipfw [-s [field]] {pipe | queue} {delete | list | show} [number ...]

Cheers, Ian

[..]