Date:      Fri, 23 Feb 1996 16:48:31 +0100
From:      Poul-Henning Kamp <phk@critter.tfs.com>
To:        Nate Williams <nate@sri.MT.net>
Cc:        Poul-Henning Kamp <phk@freefall.freebsd.org>, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-sys@freefall.freebsd.org
Subject:   Re: cvs commit: src/sys/conf files src/sys/netinet ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c ip_fwdef.c src/sys/i386/conf LINT 
Message-ID:  <2965.825090511@critter.tfs.com>
In-Reply-To: Your message of "Fri, 23 Feb 1996 08:40:24 MST." <199602231540.IAA21468@rocky.sri.MT.net> 

> Poul-Henning Kamp writes:
> > phk         96/02/23 07:26:15
> >   Log:
> >   Big sweep over the IPFIREWALL and IPACCT code.
> >   
> >   Close the ip-fragment hole.
> >   Waste less memory.
> >   Rewrite to contemporary more readable style.
> >   Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
> >   Filter incoming >and< outgoing packets.
> 
> I thought it was filtering both?  It seems to be filtering both on my
> end, or is it only filtering the reply?  Does this mean that UDP traffic
> has been 'leaking' out on me?

Yes, it only filtered incoming traffic.  Now it does both.

> >   Replace "policy" by sticky "deny all" rule.
> >   Rules have numbers used for ordering and deletion.
> 
> Can you describe this one more fully?  How does this affect ordering?
> Is it a priority based scheme, which allows a person to 'reorder' the
> rules by hand?  (I hope so since I whined at Ugen about it a long time
> ago).

No, it simply means that the list is sorted >only< according to a
rule number you specify (RSN) when you create the rule.  Giving a 
number of 0 (which is what you do until ipfw(8) gets fixed) means
append, just before the "policy rule" and auto number 100 bigger than
the previous rule.

You delete rules by this number too.

The result is hopefully that >you< decide the order.

Think of it as BASIC line-numbers :-)

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
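
The numbering scheme described in the reply above, modelled as an added example; this is not code from the message or from ip_fw.c. The `chain` structure, the function names, the value 65535 for the policy rule, and the placement of a rule with an already-used number after its equals are all assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_RULES  32
#define POLICY_NUM 65535u  /* assumed number of the sticky "deny all" rule */
#define AUTO_STEP  100u    /* auto-number increment stated in the message */

struct chain { unsigned num[MAX_RULES]; size_t len; };  /* sorted ascending */
/* Start with only the policy rule, which always stays last. */
void chain_init(struct chain *c) { c->num[0] = POLICY_NUM; c->len = 1; }

/* Add a rule; num == 0 means append just before the policy rule, numbered
 * 100 above the previous rule. Returns the number used, or 0 on failure.
 * Assumption: a rule with an already-used number goes after its equals. */
unsigned chain_add(struct chain *c, unsigned num)
{
    size_t i, pos;
    if (c->len >= MAX_RULES) return 0;
    if (num == 0)
        num = (c->len > 1 ? c->num[c->len - 2] : 0) + AUTO_STEP;
    if (num >= POLICY_NUM) return 0;   /* nothing sorts after the policy rule */
    for (pos = 0; c->num[pos] <= num; pos++)
        ;                              /* stops at the policy rule at latest */
    for (i = c->len; i > pos; i--)
        c->num[i] = c->num[i - 1];
    c->num[pos] = num;
    c->len++;
    return num;
}

/* Delete the first rule with this number (never the policy rule): 0 or -1. */
int chain_del(struct chain *c, unsigned num)
{
    size_t i;
    for (i = 0; i + 1 < c->len && c->num[i] != num; i++)
        ;
    if (i + 1 >= c->len) return -1;
    for (; i + 1 < c->len; i++)
        c->num[i] = c->num[i + 1];
    c->len--;
    return 0;
}

int main(void)
{
    struct chain c; size_t i;
    chain_init(&c); chain_add(&c, 0); chain_add(&c, 0); chain_add(&c, 150);
    for (i = 0; i < c.len; i++) printf("%u\n", c.num[i]);
    return 0;
}
```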


