From owner-freebsd-security Thu May 10 9:51:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id AA31F37B422 for ; Thu, 10 May 2001 09:51:39 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 59052 invoked by uid 1000); 10 May 2001 16:51:05 -0000 Date: Thu, 10 May 2001 19:51:05 +0300 From: Peter Pentchev To: Nate Williams Cc: Dag-Erling Smorgrav , Michael Sharp , FreeBSD-security@FreeBSD.ORG Subject: Re: ipfw Message-ID: <20010510195105.D56859@ringworld.oblivion.bg> Mail-Followup-To: Nate Williams , Dag-Erling Smorgrav , Michael Sharp , FreeBSD-security@FreeBSD.ORG References: <20010509200335.7680.cpmta@c000.sfo.cp.net> <15097.44366.138725.618271@nomad.yogotech.com> <15098.50218.467751.103251@nomad.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15098.50218.467751.103251@nomad.yogotech.com>; from nate@yogotech.com on Thu, May 10, 2001 at 10:39:06AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, May 10, 2001 at 10:39:06AM -0600, Nate Williams wrote: > > > Not true. Rules are processed in order, and if you don't give a rule > > > number I don't know the order that a rule is inserted on the list. > > > > The new rule is inserted at highest existing rule number (except > > 65535) + 100. > > Ahh, this explains why the new rules aren't being seen (because of rule > 65000). > > I would have thought the rules would have been added to the 'top' of the > ruleset. Nope, they're added to the bottom, so that if you add several rules one by one, they'll be executed in the order you added them. G'luck, Peter -- This would easier understand fewer had omitted. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message