From owner-freebsd-current Thu Jan 16 05:06:43 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id FAA20150 for current-outgoing; Thu, 16 Jan 1997 05:06:43 -0800 (PST) Received: from veda.is (ubiq.veda.is [193.4.230.60]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id FAA20145 for ; Thu, 16 Jan 1997 05:06:39 -0800 (PST) Received: (from adam@localhost) by veda.is (8.8.4/8.7.3) id NAA16792; Thu, 16 Jan 1997 13:15:24 GMT Date: Thu, 16 Jan 1997 13:15:24 GMT From: Adam David Message-Id: <199701161315.NAA16792@veda.is> To: nate@mt.sri.COM (Nate Williams) Cc: freebsd-current@freebsd.org Subject: Re: ipfw cannot do this... Newsgroups: list.freebsd.current References: <199701151919.MAA06300@rocky.mt.sri.com> X-Newsreader: NN version 6.5.0 #2 (NOV) Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Why not 'add' acceptance hosts and then restrict everything after that. >Since ipfw goes until it gets a match, it'll work fine that way. Why exclude with a whole bunch of rules (each of which takes a little processing time), when a single inverted rule can do the same job more cleanly? -- Adam David