Date: Wed, 14 Jan 2004 18:04:45 +0100
From: Sten Daniel Sørsdal <sten.daniel.sorsdal@wan.no>
To: "Luigi Rizzo" <rizzo@icir.org>, <ipfw@freebsd.org>
Subject: RE: semantics of 'not-applicable' options in ipfw ?
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F5D9779@exchange.wanglobal.net>

> As the subject says... what is people's opinion on the best
> semantics for 'not-applicable' options in ipfw rules ?
>
> As an example, if i say (using ipfw2 syntax, for simplicity)
>
>     100 count src-port 100
>     200 count not src-port 100
>

It is my opinion that people in general interpret this
example to count tcp/udp packets from (src-port==100) and
(src-port!=100), despite the man page.
For example;

    100 count src-port 100
    200 count src-port not 100

I also believe that the "via" option also causes the same kind of confusion.

By the way, do you have any plans to implement a tag/flag system?
( example:

    100 flag 100 src-port 100
    200 allow flag 100
)

_// Sten Daniel Sørsdal
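The two readings of the rule pair discussed above, as an added example that is not part of the original message and is not ipfw code: a small Python model that counts constructed packets under each reading. The names `literal` and `scoped`, the helper functions and the sample packets are assumptions made for illustration.

```python
# Toy model of two candidate semantics for a port option on packets
# that carry no ports. Illustrative only; this is not how ipfw is written.
from collections import Counter

# Constructed sample traffic: (protocol, source port or None if the
# protocol has no port field).
PACKETS = [
    ("tcp", 100), ("tcp", 2000), ("udp", 100), ("udp", 53),
    ("icmp", None), ("icmp", None), ("gre", None),
]

# The rule pair from the message: (rule number, negated?, port).
#   100 count src-port 100
#   200 count not src-port 100
RULES = [(100, False, 100), (200, True, 100)]


def src_port_matches(pkt, port, negated, semantics):
    """Decide whether '[not] src-port <port>' matches pkt."""
    proto, sport = pkt
    if proto not in ("tcp", "udp"):
        if semantics == "literal":
            # The option cannot match, so it evaluates false;
            # 'not' then inverts false to true.
            return negated
        # "scoped": a port option implies the packet must have ports,
        # so the rule never matches port-less traffic.
        return False
    return (sport == port) != negated


def count(packets, rules, semantics):
    """Run every packet through every rule ('count' does not stop the
    rule walk) and return {rule number: hits}."""
    counters = Counter()
    for pkt in packets:
        for num, negated, port in rules:
            if src_port_matches(pkt, port, negated, semantics):
                counters[num] += 1
    return dict(counters)


if __name__ == "__main__":
    for semantics in ("literal", "scoped"):
        print(semantics, count(PACKETS, RULES, semantics))
```

Under the `literal` reading rule 200 also counts the ICMP and GRE packets; under the `scoped` reading it counts only TCP/UDP packets whose source port is not 100. With `allow` or `deny` in place of `count`, that difference decides whether port-less traffic is covered by the rule.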