Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Dec 2000 10:27:24 +0000
From:      Antony T Curtis <antony@abacus.co.uk>
To:        =?iso-8859-1?Q?R=E9mi?= Guyomarch <rguyom@pobox.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: IPFIREWALL or IPFILTER?
Message-ID:  <3A35FD8C.AE17D589@abacus.co.uk>
References:  <Pine.BSF.4.21.0012031955270.59659-100000@ipamzlx.physik.uni-mainz.de> <00dd01c05e2e$e42a0700$0b6cffc8@infolink.com.br> <20001209112247.A22773@diabolic-cow.chatgris.net> <002301c062bd$2aeb0440$0b6cffc8@infolink.com.br> <20001210202817.C22773@diabolic-cow.chatgris.net> <20001210200204.I86825@elvis.mu.org> <20001211072244.H22773@diabolic-cow.chatgris.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Rémi Guyomarch wrote:

<snip>

> Without 'quick' in 'head' rules, ipf will process the entiere group 10
> rules, and will continue with the next, non-group rule (the first rule
> in [...some other rules...]).
> Yes, you can achieve the same thing with 'skipto' but at some point
> you will start to have troubles managing rules numbering...

I wrote a perl script to "validate" my rules before I apply them (and
toast a box which could be miles away and inaccessible).
Part of the functionality of the script is that I can assign labels and
it would manage the rule numbering - allows me to make some exceedingly
flexible rules using skipto :)

<snip>

-- 
ANTONY T CURTIS                     Tel: +44 (1635) 36222
Abacus Polar Holdings Ltd           Fax: +44 (1635) 38670
> Practical people would be more practical if they would take a little
> more time for dreaming.
> 		-- J. P. McEvoy


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A35FD8C.AE17D589>