From: Lowell Gilbert
To: s m
Cc: freebsd-questions
Reply-To: freebsd-questions
Subject: Re: can ipfw check all permit rules without search termination?
Date: Mon, 15 Dec 2014 13:14:19 -0500
In-Reply-To: (s. m.'s message of "Mon, 15 Dec 2014 11:19:43 +0330")
Message-ID: <44k31seq6c.fsf@lowell-desk.lan>

s m writes:

> I want to define multiple rules for ipfw. I wanna know if there is any way
> to ipfw check all permit rules without termination search until it sees a
> deny rule??? I want to search terminate only when a deny rule meet.
> Is there any option or sysctl variable to doing this for me? I read ipfw
> man page but find nothing.

Why are you trying to do this? What are you actually trying to achieve?
What you've described doesn't make sense, so you need to go back and
figure out why you're asking the wrong question.
Perhaps another firewall, like pf(4), might have syntax that makes more sense to you?