Date: Tue, 4 Mar 2008 11:50:40 +0300 From: Alexey Solovyov <alekso@eu.spb.ru> To: doc@FreeBSD.org Subject: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html Message-ID: <1841805624.20080304115040@eu.spb.ru>
next in thread | raw e-mail | index | archive | help
The subj says:
A simple example of ruleset file can be following:
add block in all
add block out all
... A valid ruleset script that would be equivalent to the ruleset
file shown above would be following:
#!/bin/sh
ipfw -q flush
ipfw add block in all
ipfw add block out all
which is not exactly true since flush is not performed in the first case.
Also I could not find three things I personally worried about:
- possibility to include comments/empty lines in the ruleset which
happened to be really possible;
- the preference of the first method in terms of performance in case
of huge ruleset (ipfw is executed just once);
- ability to produce ipfw output of the current ruleset compatible
with its input (without the need of preprocessing).
With regards,
Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1841805624.20080304115040>