From: Freddie Cash
To: Willem Jan Withagen
Cc: "freebsd-ipfw@freebsd.org", bycn82
Date: Wed, 17 Sep 2014 07:58:47 -0700
Subject: Re: IPFW rule sets and automatic rule numbering
List-Id: IPFW Technical Discussions

Just to summarise everything:

1. Automatic rule numbering works beautifully if you only ever use the default rule set (set 0). Meaning, if you don't use any set commands at all.

2. If you manually number every rule, then using rule sets works beautifully.

3. Doing a little set manipulation allows you to load updated rules without disconnecting anyone or dropping any packets:

     disable set 1
     load rules into set 1
     enable set 1
     swap set 1 0
     disable set 1

I understand how everything works a little bit better now. Thanks for all the help and pointers and discussion.

-- 
Freddie Cash
fjwcash@gmail.com
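
The reload sequence from point 3, with the hand-numbering requirement from point 2 checked first, as an added example that is not part of the original message. The rules-file format (rule number first on each line), the `IPFW` dry-run variable, the function names and the extra `delete set` step are assumptions of this example.

```shell
#!/bin/sh
# Dry run by default: each ipfw command is printed, not executed.
# Set IPFW=/sbin/ipfw on a FreeBSD host to apply the commands for real.
IPFW=${IPFW:-echo ipfw}

# Constructed sample rules file: one rule per line, explicit rule number first.
sample_rules() {
    cat <<'EOF'
# constructed example rules
100 allow ip from any to any via lo0
200 check-state
300 allow tcp from any to me 22 setup keep-state
65000 deny log ip from any to any
EOF
}

# Point 2 of the message: with sets, number every rule by hand.
# Reject the file if any rule line does not start with a rule number.
check_numbered() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         $1 !~ /^[0-9]+$/ { printf "line %d: no rule number: %s\n", NR, $0; bad = 1 }
         END { exit bad + 0 }' "$1" >&2
}

# Point 3 of the message: stage the new rules in a disabled set, then swap.
reload_rules() {
    rules=$1
    stage=${2:-1}
    check_numbered "$rules" || return 1
    $IPFW -q set disable "$stage" || return 1
    # Not in the message: clear rules left in the staging set by an earlier reload.
    $IPFW -q delete set "$stage" || true
    while read -r num rest; do
        case $num in ''|'#'*) continue ;; esac
        # $rest is left unquoted on purpose so it splits into ipfw arguments.
        # A failed add aborts here, while the staging set is still disabled.
        $IPFW -q add "$num" set "$stage" $rest || return 1
    done < "$rules"
    $IPFW -q set enable "$stage" || return 1
    $IPFW -q set swap "$stage" 0 || return 1
    $IPFW -q set disable "$stage"
}
```

Because the staging set stays disabled until every rule has loaded, a rejected rule leaves the live rules in set 0 untouched.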