From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 13 00:38:34 2006 Return-Path: X-Original-To: ipfw@freebsd.org Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 441DA16A416 for ; Wed, 13 Sep 2006 00:38:34 +0000 (UTC) (envelope-from j_guojun@lbl.gov) Received: from smtp102.sbc.mail.mud.yahoo.com (smtp102.sbc.mail.mud.yahoo.com [68.142.198.201]) by mx1.FreeBSD.org (Postfix) with SMTP id DE80A43D49 for ; Wed, 13 Sep 2006 00:38:33 +0000 (GMT) (envelope-from j_guojun@lbl.gov) Received: (qmail 63027 invoked from network); 13 Sep 2006 00:38:33 -0000 Received: from unknown (HELO ?192.168.2.8?) (jinmtb@sbcglobal.net@68.127.178.237 with plain) by smtp102.sbc.mail.mud.yahoo.com with SMTP; 13 Sep 2006 00:38:32 -0000 Message-ID: <4507539A.5000502@lbl.gov> Date: Tue, 12 Sep 2006 17:40:58 -0700 From: "Jin Guojun [VFFS]" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050108 X-Accept-Language: en, zh, zh-CN MIME-Version: 1.0 To: ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: maximum deny entries? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Sep 2006 00:38:34 -0000 I am not sure if this is a bug or is there some limitation for total deny entry, when the deny list exceeds a certain length (36 lines at this case), ipfw stop working (see the *** line below). This is on 6.1-R i386 platform. Is there know problem on this issue? or Did I made some mistake? Please CC to me since I am not on the list. -Jin # ipfw list ...all non deny entries are removed 00361 deny ip from 202.124.17.215 to any 00361 deny ip from 65.245.144.158 to any 00361 deny ip from 210.76.124.84 to any 00362 deny ip from 220.78.122.177 to any 00362 deny ip from 192.248.32.3 to any 00362 deny ip from 70.229.145.61 to any 00362 deny ip from 64.40.106.252 to any 00362 deny ip from 65.204.143.112 to any 00362 deny ip from 204.16.200.34 to any 00362 deny ip from 62.141.42.33 to any 00362 deny ip from 66.221.219.117 to any 00362 deny ip from 148.223.146.29 to any 00362 deny ip from 82.136.37.93 to any 00362 deny ip from 68.12.255.97 to any 00362 deny ip from 195.110.108.70 to any 00362 deny ip from 69.5.77.151 to any 00362 deny ip from 202.29.9.19 to any 00362 deny ip from 210.196.245.131 to any 00363 deny ip from 71.135.36.103 to any 00363 deny ip from 71.226.110.30 to any 00363 deny ip from 71.135.109.190 to any 00364 deny ip from 71.207.46.56 to any 00364 deny ip from 71.135.52.79 to any 00364 deny ip from 71.135.179.240 to any 00364 deny ip from 222.168.102.118 to any 00364 deny ip from 71.135.65.16 to any 00364 deny ip from 83.19.158.66 to any 00364 deny ip from 71.79.1.13 to any 00364 deny ip from 71.135.206.213 to any 00364 deny ip from 71.135.129.195 to any 00364 deny ip from 217.6.105.253 to any 00364 deny ip from 71.135.44.127 to any 00364 deny ip from 71.135.37.42 to any 00364 deny ip from 71.135.142.223 to any 00364 deny ip from 71.135.69.201 to any 00364 deny ip from 71.135.185.66 to any *********** fails starts from here 00364 deny ip from 71.135.96.85 to any 00364 deny ip from 71.135.41.68 to any 00364 deny ip from 71.135.35.252 to any 00364 deny ip from 71.135.178.215 to any 00365 deny ip from somewhere to any *********** will not work