Date: Sat, 08 May 2004 22:08:14 -0400 From: "Louis A. Mamakos" <louie@TransSys.COM> To: Oleg Bulyzhin <oleg@rinet.ru> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw: ouch!, skip past end of rules, denying packet Message-ID: <20040509020814.61BB120F78@whizzo.transsys.com> In-Reply-To: Your message of "Fri, 07 May 2004 15:19:06 %2B0400." <20040507150212.P5201@lath.rinet.ru> References: <104341060709.20040505171307@vkt.lt> <20040505194451.V9766@lath.rinet.ru> <20040506153815.A75812@xorpc.icir.org> <20040507024206.B61144@xorpc.icir.org> <20040507150212.P5201@lath.rinet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Not to hijack the thread here, but if you're looking at this code, it would be nice if the logic that the ipfw "queue" command used was similar to "divert"; where processing picks up at the next higher rule number rather than the next rule (which might be numbered the same.) I'd like to have a bunch of queue commands in a row (perhaps with less specific matching criteria in successive rules) and know that if they're all numbered the same, only the first one will match. louie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040509020814.61BB120F78>