Date: Thu, 21 May 2009 11:12:39 -0700 From: Julian Elischer <julian@elischer.org> To: Freddie Cash <fjwcash@gmail.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: Does ipfw support interface groups? Message-ID: <4A159997.9080604@elischer.org> In-Reply-To: <b269bc570905211022y2a6fe928v5501edabc1e42dce@mail.gmail.com> References: <9a542da30905210720y50fafe59ld3459c9e76ef5824@mail.gmail.com> <20090521150113.GA47160@onelab2.iet.unipi.it> <b269bc570905210849s202084d2h15e991683d1b112b@mail.gmail.com> <20090521164225.GB50606@onelab2.iet.unipi.it> <b269bc570905211022y2a6fe928v5501edabc1e42dce@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Freddie Cash wrote: > Skipto is very powerful, and we use it in some cases. But I try not > to use it very often, as it can lead to spaghetti rules that are hard > to follow. :) We have one firewall where it takes a good 10 minutes > to track the path a packet takes through the rulelist, as there are so > many skipto rules and multiple interfaces/vlans (it's scheduled for a > rewrite this summer). don't forget you can now do a skipto tablearg :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A159997.9080604>