From owner-freebsd-current  Thu Feb  1 09:58:31 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id JAA13911
          for current-outgoing; Thu, 1 Feb 1996 09:58:31 -0800 (PST)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA13901
          for <current@freebsd.org>; Thu, 1 Feb 1996 09:58:27 -0800 (PST)
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id LAA20341; Thu, 1 Feb 1996 11:01:04 -0700
Date: Thu, 1 Feb 1996 11:01:04 -0700
From: Nate Williams <nate@sri.MT.net>
Message-Id: <199602011801.LAA20341@rocky.sri.MT.net>
To: Poul-Henning Kamp <phk@critter.tfs.com>
Cc: current@freebsd.org
Subject: Re: ip_fw ordering of rules..
In-Reply-To: <8371.823178002@critter.tfs.com>
References: <8371.823178002@critter.tfs.com>
Sender: owner-current@freebsd.org
Precedence: bulk

> Does anybody but me find the ordering IP_FW does weird ?

Yep.

> I'd like to kick it out entirely, but at least an option to
> disable it is in order...
> 
> What do other users of it think ?

I'm with you.  Ugen was supposed to be adding code to allow folks to
explicitly set some sort of priority (my wording, not his) so that folks
who understand the code could set up the ordering, but I think anyone
capable of seting up a firewall should understand that the order of
rules is important.

I've got a patch someone posted if you want it.  It's two lines of
code. :)


Nate