From: Alexey Solovyov
Organization: European University at St. Petersburg
Date: Tue, 4 Mar 2008 11:50:40 +0300
To: doc@FreeBSD.org
Subject: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
Message-ID: <1841805624.20080304115040@eu.spb.ru>
List-Id: Documentation project

The subject page says:

    A simple example of ruleset file can be following:

        add block in all
        add block out all

    ...

    A valid ruleset script that would be equivalent to the ruleset file
    shown above would be following:

        #!/bin/sh
        ipfw -q flush
        ipfw add block in all
        ipfw add block out all

which is not exactly true, since the flush is not performed in the first case.
Also, I could not find three things I personally worried about:

- the possibility to include comments/empty lines in the ruleset, which happened to be really possible;
- the preference for the first method in terms of performance in case of a huge ruleset (ipfw is executed just once);
- the ability to produce ipfw output of the current ruleset compatible with its input (without the need for preprocessing).

With regards,
Alex
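Added example (not part of the mail above or of the handbook): a POSIX sh script that makes two of the points concrete in runnable form. ruleset_to_script turns a ruleset file (comments and blank lines included) into the equivalent script form, adding the explicit `ipfw -q flush` that the file form lacks; ipfw_list_to_ruleset turns the output of `ipfw list` back into a file that `ipfw -q /path/to/file` can load. Assumptions, labelled in the comments: a ruleset file holds one ipfw subcommand per line, a line starting with `#` is a comment, `ipfw list` prints each rule as `NNNNN action body`, the immutable default rule is numbered 65535 and cannot be re-added, and `-q` suppresses the flush confirmation prompt. The sample input at the end is constructed, not captured from a real system.

```sh
#!/bin/sh
# Added example, not the handbook's or ipfw's own code. Assumes documented
# ipfw(8) behaviour: a ruleset file lists ipfw subcommands ("add ...",
# "flush"), "#" at line start is a comment, blank lines are ignored, the
# file is loaded with "ipfw -q /path/to/file", and "ipfw list" prints rules
# as "NNNNN action body" with the default rule numbered 65535.

# ruleset_to_script: read a ruleset file on stdin, write an equivalent sh
# script on stdout. The file form performs no flush by itself, so the script
# starts with an explicit "ipfw -q flush" to make the two forms equivalent
# (-q also suppresses the flush confirmation prompt). Comments and blank
# lines are carried over unchanged.
ruleset_to_script() {
    printf '#!/bin/sh\nipfw -q flush\n'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) printf '%s\n' "$line" ;;       # comment or blank: keep
            flush)   printf 'ipfw -q flush\n' ;;    # explicit flush in the file
            *)       printf 'ipfw %s\n' "$line" ;;  # "add ..." -> "ipfw add ..."
        esac
    done
}

# ipfw_list_to_ruleset: read "ipfw list" output on stdin and write a ruleset
# file ipfw can load. Each "NNNNN ..." line becomes "add NNNNN ...", keeping
# the rule numbers so the reloaded set is identical. The default rule 65535
# is skipped (assumption: ipfw refuses to add a rule with that number). A
# leading "flush" makes the reload idempotent. Anything that does not look
# like a rule line is kept as a comment rather than silently dropped.
ipfw_list_to_ruleset() {
    printf '# generated from ipfw list\nflush\n'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "65535 "*) ;;                               # default rule: not re-addable
            [0-9]*)    printf 'add %s\n' "$line" ;;
            *)         printf '# skipped: %s\n' "$line" ;;
        esac
    done
}

# Constructed sample input (not captured from a real host).
ruleset_to_script <<'EOF'
# block everything until the real rules are written
add block in all

add block out all
EOF

ipfw_list_to_ruleset <<'EOF'
00100 allow ip from any to any via lo0
00200 deny tcp from any to any 23
65535 deny ip from any to any
EOF
```

Round-tripping the second output through `ipfw -q` on a real host would reproduce the listed rules with the same numbers; the generated "flush" is what keeps a repeated load from duplicating them.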