Date: Sun, 14 Aug 2016 20:44:18 +0300 From: Lev Serebryakov <lev@FreeBSD.org> To: freebsd-ipfw@freebsd.org Subject: Auto-numbered rules with state or table opcodes are printed-out as ""number 00000" on addition Message-ID: <792926564.20160814204412@serebryakov.spb.ru> In-Reply-To: <1211733990.20160814202656@serebryakov.spb.ru> References: <1812167147.20160814202008@serebryakov.spb.ru> <1211733990.20160814202656@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hello Lev, Sunday, August 14, 2016, 8:27:02 PM, you wrote: When auto-numbering is used, all rules with any keep-state/check-state or table opcodes is printed out as number 00000 on addition, like this: add 11000 allow dst-ip MCAST // Allow incoming multicast add deny not dst-ip SKYNET_IP // Before NAT it should be to this specific me! add deny src-ip table(intip4) // And it should be not from strange addresses add deny src-ip table(bans) // And it should not be banned add allow src-ip HE_IPV4_TUN proto ipv6 // IPv6 tunneling through this interface add nat SKYNET_NAT // De-NAT add check-state // Make things faster add skipto 30000 // Allowed local services - common block add deny // Safeguard 11000 allow ip from any to any dst-ip 224.0.0.0/4 // Allow incoming multicast 11010 deny ip from any to any not dst-ip 94.19.235.70 // Before NAT it should be to this specific me! 00000 deny ip from any to any src-ip table(intip4) // And it should be not from strange addresses 00000 deny ip from any to any src-ip table(bans) // And it should not be banned 11040 allow ip from any to any src-ip 216.66.80.26 proto ipv6 // IPv6 tunneling through this interface 11050 nat 1 ip from any to any // De-NAT Line 133: Ambiguous state name '//', 'default' used instead. : No error: 0 00000 check-state default 11070 skipto 30000 ip from any to any // Allowed local services - common block 11080 deny ip from any to any // Safeguard They, really, got proper numbers, but "ipfw" output looks strange. -- Best regards, Lev mailto:lev@FreeBSD.org [-- Attachment #2 --] -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJXsK3yXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePwPUP/AkNnfIASQfn6JRY74kEH6WB 2aWDxzmrh7vu70HGPYkoR3GdUh6Q6Mn87Qbl2Rlw7xw7MPzE8k1ZNNnFVy3ww1KC h00pK0FEwEgUjE5CopvinNU+xaA1ma5Cky0EP63XI5qMfOCUhc+3b0R+i6vOMRFc NymGMFhnaZE8xTGXmQv/FQeUvsZgmdVTGEk51O8U6FasN7hb5j5apl18ExQfKhIV olsqQdU912GUGt8g7WVMTEfqVMgSdhF7V7ouaiI8w/rwSD6W4wkN9ohHbycL/+ON rOcfKI61wz9Bl0sZF8IfUKNDHDTqhfGjdbpStFwJluW78kmWjWhAZPvUnDt8D2Z+ 6TbQPZhS7qJ9MlwxD8KBcWiFXkUNUOPga6pLynon7UNzGCkR4iv4tLqY/omNvQjf X1TYwSEQeWd0tmI3rNBicIvj3xc+daTD/7Pk6oYmW1i2BNbFtBOO69OHHXTr+24t afpkJvXamM+8f5nvLyjjExMi+Quj2EkN5Kt0+aYjWu6mqvTr/NYqgrooLvDrD0Mp woay2Zk0UmL6waH7kV4EXiZ5Bb1TMPMHv0WOpqYdFbEj7WM4WcoSVM3SDyYLT1UI s1EIM1Yv3TtvyrQkYnL2LsbO5T10DhBgWms2dGoACSDXrV1yyKH84FddCmwycrej gEQJt+qtBot7vyC60oDe =Q/WW -----END PGP MESSAGE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?792926564.20160814204412>