Date: Tue, 4 Mar 2008 11:50:40 +0300 From: Alexey Solovyov <alekso@eu.spb.ru> To: doc@FreeBSD.org Subject: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html Message-ID: <1841805624.20080304115040@eu.spb.ru>
index | next in thread | raw e-mail
The subj says:
A simple example of ruleset file can be following:
add block in all
add block out all
... A valid ruleset script that would be equivalent to the ruleset
file shown above would be following:
#!/bin/sh
ipfw -q flush
ipfw add block in all
ipfw add block out all
which is not exactly true since flush is not performed in the first case.
Also I could not find three things I personally worried about:
- possibility to include comments/empty lines in the ruleset which
happened to be really possible;
- the preference of the first method in terms of performance in case
of huge ruleset (ipfw is executed just once);
- ability to produce ipfw output of the current ruleset compatible
with its input (without the need of preprocessing).
With regards,
Alex
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1841805624.20080304115040>