From owner-freebsd-ipfw@freebsd.org  Thu Feb  2 14:52:43 2017
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0F93DCCD5D4
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Thu,  2 Feb 2017 14:52:43 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8E7DE921
 for <freebsd-ipfw@freebsd.org>; Thu,  2 Feb 2017 14:52:40 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id v12EqTvp005303;
 Fri, 3 Feb 2017 01:52:29 +1100 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Fri, 3 Feb 2017 01:52:29 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Francisco Ramon <franciscoramonhr79@gmail.com>
cc: freebsd-ipfw@freebsd.org
Subject: Re: Reload rules
In-Reply-To: <CAFNX+5tD1-PmJsBMB_ewUHXdydvmRq1_DMmbsu-qOS97j8-mpQ@mail.gmail.com>
Message-ID: <20170203014041.K33334@sola.nimnet.asn.au>
References: <CAFNX+5tD1-PmJsBMB_ewUHXdydvmRq1_DMmbsu-qOS97j8-mpQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 14:52:43 -0000

On Thu, 2 Feb 2017 12:08:31 -0200, Francisco Ramon wrote:

 > Hello!

 > I´m trying to biuld a IPFW script and i´m using some dynamic rules 
 > (with keep-state). The problem occur when I need to restart the 
 > script, to reload new or eddited rules... When I execute the "ipfw -f 
 > flush", off course dynamic rules are erased. The problem is: Some or 
 > all of then in my case, should not be erased. Is there any 
 > possibility to reload the rules, keeping the dynamic rules?

I don't know (by trying it) whether this will work, but ipfw(8) says:

     set set_number
	[..]
	Set 31 is special in that it cannot be disabled, and rules in set
	31 are not deleted by the ipfw flush command (but you can delete
	them with the ipfw delete set 31 command).  Set 31 is also used
	for the default rule.

So you could try adding your dynamic rules to set 31 and check that they 
(and unexpired dynamic flows) survive a flush, with 'ipfw -ted show' ?

cheers, Ian