From: bycn82
Date: Thu, 18 Sep 2014 08:34:43 +0800
To: Freddie Cash, Willem Jan Withagen
Cc: "freebsd-ipfw@freebsd.org"
Subject: Re: IPFW rule sets and automatic rule numbering

On 9/17/14 22:58, Freddie Cash wrote:
> Just to summarise everything:
>
> 1. Automatic rule numbering works beautifully if you only ever use
> the default rule set (set 0). Meaning, if you don't use any set
> commands at all.
>
> 2. If you manually number every rule, then using rule sets works
> beautifully.
>
> 3. Doing a little set manipulation allows you to load updated rules
> without disconnecting anyone or dropping any packets:
>     disable set 1
>     load rules into set 1
>     enable set 1

You don't need the steps below.

>     swap set 1 0
>     disable set 1
>
> I understand how everything works a little bit better now. Thanks for
> all the help and pointers and discussion.
>
> --
> Freddie Cash
> fjwcash@gmail.com