From owner-freebsd-hackers  Fri Dec 15 07:01:16 1995
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA25980
          for hackers-outgoing; Fri, 15 Dec 1995 07:01:16 -0800 (PST)
Received: from critter.tfs.com ([140.145.230.252])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA25960
          for <hackers@FreeBSD.ORG>; Fri, 15 Dec 1995 07:01:07 -0800 (PST)
Received: from localhost.tfs.com (localhost.tfs.com [127.0.0.1]) by critter.tfs.com (8.6.12/8.6.12) with SMTP id PAA09736; Fri, 15 Dec 1995 15:59:01 +0100
X-Authentication-Warning: critter.tfs.com: Host localhost.tfs.com didn't use HELO protocol
To: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
cc: franky@pinewood.nl, hackers@FreeBSD.ORG
Subject: Re: Order of rules in ip_fw chain 
In-reply-to: Your message of "Fri, 15 Dec 1995 15:26:20 +0100."
             <199512151426.PAA00216@labinfo.iet.unipi.it> 
Date: Fri, 15 Dec 1995 15:59:00 +0100
Message-ID: <9734.819039540@critter.tfs.com>
From: Poul-Henning Kamp <phk@critter.tfs.com>
Sender: owner-hackers@FreeBSD.ORG
Precedence: bulk

> > > 2) I noticed that the order in which the fw checks incoming packets is
> > >    *not* the same as the order in which the packet rules were added.
> > >    IMHO this should be fixed.  I have not had the time (yet) to have
> > >    a look at the source myself, but will do so in the next few weeks.
> > 
> > yes.
> 
> #define yes This is correct. It is a major problem when configuring \ 
> 	firewalls. It should be fixed. Please do it.
> 

More like:

#define yes Yes, please fix this and send us a patch :-)

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.