Date: Wed, 17 Sep 2014 07:58:47 -0700 From: Freddie Cash <fjwcash@gmail.com> To: Willem Jan Withagen <wjw@digiware.nl> Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>, bycn82 <bycn82@gmail.com> Subject: Re: IPFW rule sets and automatic rule numbering Message-ID: <CAOjFWZ68P8mRmanBKdpc_=GQ1vWUhd3G00MvKKWHPpHSLJoA_A@mail.gmail.com> In-Reply-To: <CAOjFWZ4yhLd=kSLAnSYR=%2BoG3CW5HuptWOGPMbzamS7EHvavng@mail.gmail.com> References: <CAOjFWZ4rx4FAc4AoPw3d=cSg4-z_QOWEF=phkT2PuzfUjn0y5A@mail.gmail.com> <CAOjFWZ6i1%2BgCZ9jMnBNEGqL7airdxN3d=B0__Z_Zj1gGG4APKg@mail.gmail.com> <541469D4.6070107@gmail.com> <CAOjFWZ749EazFz1prFRfidp9bqmqO%2B=%2BXFsu7mVtE%2Bnq2CxwKw@mail.gmail.com> <54156FBB.1030907@digiware.nl> <CAOjFWZ4yhLd=kSLAnSYR=%2BoG3CW5HuptWOGPMbzamS7EHvavng@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Just to summarise everything: 1. Automatic rule numbering works beautifully if you only ever use the default rule set (set 0). Meaning, if you don't use any set commands at all. 2. If you manually number every rule, then using rule sets works beautifully. 3. Doing a little set manipulation allows you to load updated rules without disconnecting anyone or dropping any packets: disable set 1 load rules into set 1 enable set 1 swap set 1 0 disable set 1 I understand how everything works a little bit better now. Thanks for all the help and pointers and discussion. -- Freddie Cash fjwcash@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ68P8mRmanBKdpc_=GQ1vWUhd3G00MvKKWHPpHSLJoA_A>