Date: Wed, 26 Nov 1997 18:43:55 -0800 (PST)
From: Jaye Mathisen
To: hackers@freebsd.org
Subject: How many rules maximum in ipfw? Oh wait, comment...
Sender: owner-freebsd-hackers@freebsd.org

My ipfw -a list is coming out at exactly 1024 lines, which tain't enough... (and isn't showing all the rules I have defined).

I looked at ip_fw.h in /sys/netinet, and didn't see a constant that limited the length of the rule chain. Given that you can have rule numbers 65000, I would've assumed you could really have that many rules.

Need more input... Where is this sucker at?

I'm really only using it for IP accounting, not actually filtering anything at this moment in time.

If it has an impact on run-time performance, perhaps it can be set in make.conf ala TOP's user list? Or in the kernel config file?

Oh wait, better check ipfw. Yep, there it is, in list(ac,av). It statically sets it to 1024...

Perhaps this can be raised to a higher number in the source tree, or maybe user-definable as listed above, or maybe a command-line parameter?

I'll hack it, just somebody tell me what makes the most sense.