Date: Sat, 03 Feb 1996 13:49:25 -0700
From: Warner Losh <imp@village.org>
To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
Cc: current@freebsd.org
Subject: Re: ip_fw ordering of rules..
Message-ID: <199602032049.NAA13034@rover.village.org>
In-Reply-To: Your message of Fri, 02 Feb 1996 16:49:09 PST

: Enough said??? Can we remove the sorting PLEASE??

We aren't using IPFW right now because it reorders rules. This is
completely *EVIL*, as Rod said, and our firewall marshall punted when
he saw this feature of IPFW and went to IPFILT, which seems to have
tied us to 1.1.5.1R, which isn't necessarily bad, but isn't necessarily
good either...

Our rules right now look like:

	allow port 21 to ir
	allow port 25 to ir
	...
	disallow all

which most sane people would consider means "Allow FTP and TELNET to
ir, but nothing else is allowed at all." As far as we've been able to
determine, IPFW doesn't allow this to work properly, and is therefore
nearly useless as a firewall.

I agree with Rod. Let's take the sorting out!

Warner
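
Added example, not part of the message above and not IPFW code: a first-match evaluator plus a check that reports which ports get a different verdict when a rule list is loaded in a different order than it was written. The rule tuples, the function names and the reordered list are assumptions made for illustration; the page does not say how IPFW sorted its rules.

```python
# Added illustration; rule tuples and the reordered list are constructed,
# not taken from IPFW's actual sorting behaviour.
from typing import Dict, List, Optional, Tuple

Rule = Tuple[str, Optional[int]]  # (action, dst_port); port None matches any port


def verdict(rules: List[Rule], port: int, default: str = "deny") -> str:
    """First-match evaluation: the first rule that matches decides."""
    for action, rule_port in rules:
        if rule_port is None or rule_port == port:
            return action
    return default


def order_drift(written: List[Rule], loaded: List[Rule]) -> Dict[int, Tuple[str, str]]:
    """Map each port whose verdict changed to (written verdict, loaded verdict)."""
    # Rules match one exact port or any port, so every port not named in a
    # rule behaves the same: probing the named ports plus one unnamed port
    # covers the whole port space.
    probes = {p for _, p in written + loaded if p is not None}
    probes.add(next(p for p in range(1, 65536) if p not in probes))
    drift = {}
    for port in sorted(probes):
        want, got = verdict(written, port), verdict(loaded, port)
        if want != got:
            drift[port] = (want, got)
    return drift


# The rule set from the message, in the order the administrator wrote it.
WRITTEN = [("allow", 21), ("allow", 25), ("deny", None)]
# Constructed reordering that places the catch-all rule first.
REORDERED = [("deny", None), ("allow", 21), ("allow", 25)]

if __name__ == "__main__":
    for port, (want, got) in order_drift(WRITTEN, REORDERED).items():
        print(f"port {port}: written order says {want}, loaded order says {got}")
```

An empty result from order_drift means the loaded order enforces the same policy as the written one; any entry is a port where the two orders disagree.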