From owner-freebsd-hackers Fri Dec 15 06:30:59 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id GAA24839 for hackers-outgoing; Fri, 15 Dec 1995 06:30:59 -0800 (PST)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
    by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id GAA24833 for ;
    Fri, 15 Dec 1995 06:30:53 -0800 (PST)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5)
    id PAA00216; Fri, 15 Dec 1995 15:26:21 +0100
From: Luigi Rizzo
Message-Id: <199512151426.PAA00216@labinfo.iet.unipi.it>
Subject: Re: Order of rules in ip_fw chain
To: phk@critter.tfs.com (Poul-Henning Kamp)
Date: Fri, 15 Dec 1995 15:26:20 +0100 (MET)
Cc: franky@pinewood.nl, hackers@FreeBSD.ORG
In-Reply-To: <6974.819030894@critter.tfs.com> from "Poul-Henning Kamp" at Dec 15, 95 01:34:35 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
Precedence: bulk

> > 2) I noticed that the order in which the fw checks incoming packets is
> > *not* the same as the order in which the packet rules were added.
> > IMHO this should be fixed. I have not had the time (yet) to have
> > a look at the source myself, but will do so in the next few weeks.
>
> yes.

#define yes This is correct. It is a major problem when configuring \
            firewalls. It should be fixed. Please do it.

I believe the problem is in the order of loading rules in the
filtering chains.

Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522              http://www.iet.unipi.it/~luigi/
====================================================================