From owner-freebsd-security@FreeBSD.ORG Mon Feb 28 15:19:26 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0214716A4F3 for ; Mon, 28 Feb 2005 15:19:26 +0000 (GMT) Received: from bgo1smout1.broadpark.no (bgo1smout1.broadpark.no [217.13.4.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EFFF43D64 for ; Mon, 28 Feb 2005 15:19:23 +0000 (GMT) (envelope-from des@des.no) Received: from bgo1sminn1.broadpark.no ([217.13.4.93]) by bgo1smout1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id <0ICM00H7FNNC21E0@bgo1smout1.broadpark.no> for freebsd-security@freebsd.org; Mon, 28 Feb 2005 16:14:00 +0100 (CET) Received: from dsa.des.no ([80.203.228.37]) by bgo1sminn1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id <0ICM00CXVNZRQYB0@bgo1sminn1.broadpark.no> for freebsd-security@freebsd.org; Mon, 28 Feb 2005 16:21:27 +0100 (CET) Received: by dsa.des.no (Pony Express, from userid 666) id D1AB54535E; Mon, 28 Feb 2005 16:19:20 +0100 (CET) Received: from xps.des.no (xps.des.no [10.0.0.12]) by dsa.des.no (Pony Express) with ESMTP id DB3FF4516C; Mon, 28 Feb 2005 16:19:00 +0100 (CET) Received: by xps.des.no (Postfix, from userid 1001) id BF51033C3E; Mon, 28 Feb 2005 16:19:00 +0100 (CET) Date: Mon, 28 Feb 2005 16:19:00 +0100 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) In-reply-to: <20050227195159.GA93630@gate.oper.dinoex.org> To: Peter Much Message-id: <86sm3ghfvf.fsf@xps.des.no> MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on dsa.des.no References: <20050227195159.GA93630@gate.oper.dinoex.org> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL autolearn=disabled version=3.0.1 X-Spam-Level: cc: freebsd-security@freebsd.org Subject: Re: ipfw deny or reject - not just a matter of taste? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Feb 2005 15:19:26 -0000 Peter Much writes: > Maybe such things may already happen when reloading rules - that depends > on their sequence and individual layout. So it really is a good thing that > ipfw provides the atomic functions for shifting sets of rules. Look for 'ipfw set' in the ipfw man page. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no