Date: Tue, 19 Feb 2008 04:20:02 GMT
Message-Id: <200802190420.m1J4K2jG041780@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Eugene Grosbein <eugen@kuzbass.ru>
Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list
Reply-To: Eugene Grosbein <eugen@kuzbass.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>

The following reply was made to PR bin/120720; it has been noted by GNATS.

From: Eugene Grosbein <eugen@kuzbass.ru>
To: Julian Elischer <julian@elischer.org>
Cc: Vadim Goncharov <vadim_nuclight@mail.ru>, freebsd-ipfw@freebsd.org,
        bug-followup@freebsd.org
Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list
Date: Tue, 19 Feb 2008 11:10:37 +0700

 On Mon, Feb 18, 2008 at 10:32:32AM -0800, Julian Elischer wrote:
 
 > that was me..
 > It is my memory that
 > before that time tableargs were only used in 16 bit form.
 > there were no users in ipfw of the full 32 bit field.
 
 In RELENG_4, they are 32-bit.
 
 > I did not consider that someone would put a 32 bit number
 > in there just to print it out again.
 > (what would you do that for?)
 
 It's very suitable for automatic time-bounded blocking.
 A trigger adds the IP being blocked to an ipfw table with a 32-bit value
 that is the "time-to-live" value for this table entry, and there is a rule
 like this:
 
 ipfw add 1000 deny ip from 'table(1)' to any
 
 Cron periodically runs another script that lists the table
 and removes entries with time in the past.
 
 Thank you for fixing that!
 
 Eugene Grosbein
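
Added example, not part of the original message and not the poster's own scripts: the trigger and cron steps described above, written as POSIX sh functions. It assumes `ipfw table 1 list` prints one `addr/masklen value` pair per line with a decimal value, and that the stored value is an absolute Unix expiry time; the function names and the `IPFW` override variable are hypothetical.

```sh
#!/bin/sh
# Time-bounded blocking: the 32-bit table value holds the entry's expiry time.
# Assumed rule (from the message): ipfw add 1000 deny ip from 'table(1)' to any
TABLE=1                 # table number used by that rule
IPFW=${IPFW:-ipfw}      # hypothetical override, e.g. IPFW=echo for a dry run

# block_ip ADDR TTL_SECONDS [NOW]
# Trigger side: add ADDR with value = NOW + TTL (absolute Unix time).
block_ip() {
    now=${3:-$(date +%s)}
    $IPFW table "$TABLE" add "$1" $((now + $2))
}

# expired_entries NOW
# Reads "table list" output on stdin and prints the keys that have expired.
# Assumed line format: "addr/masklen value", value in decimal.
# A line whose value is not a plain decimal number is reported on stderr and
# left in the table, so a change in how the value is printed cannot unblock
# every address at once.
# Constructed sample line: "192.0.2.10/32 1203390000"
expired_entries() {
    awk -v now="$1" '
        NF == 0 { next }
        NF != 2 || $2 !~ /^[0-9]+$/ { print "skipped: " $0 > "/dev/stderr"; next }
        $2 + 0 <= now + 0 { print $1 }'
}

# purge [NOW]
# Cron side: delete every entry whose expiry time is in the past.
purge() {
    now=${1:-$(date +%s)}
    $IPFW table "$TABLE" list | expired_entries "$now" |
    while read -r entry; do
        $IPFW table "$TABLE" delete "$entry"
    done
}
```

Source this file from the trigger and from the cron script, then call `block_ip` or `purge`; entries reported as skipped need a manual look before they are removed.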