From owner-freebsd-questions Wed Jan 17 11:41:52 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id LAA01341 for questions-outgoing; Wed, 17 Jan 1996 11:41:52 -0800 (PST)
Received: from bubba.tribe.com ([205.184.207.7]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id LAA01336 for ; Wed, 17 Jan 1996 11:41:50 -0800 (PST)
Received: (from archie@localhost) by bubba.tribe.com (8.6.12/8.6.12) id LAA28668; Wed, 17 Jan 1996 11:41:11 -0800
From: Archie Cobbs
Message-Id: <199601171941.LAA28668@bubba.tribe.com>
Subject: IP firewall question
To: freebsd-questions@freebsd.org
Date: Wed, 17 Jan 1996 11:41:11 -0800 (PST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
Precedence: bulk

Hi,

While investigating FreeBSD's IP firewall (ipfw(4)) stuff, I heard this claim somewhere:

"FreeBSD's firewall code reorders rules, and is therefore bad because this can change the intent of the rule list".

I understand how applying rules in a different order can change the semantics of the firewall... but can someone explain exactly how and why the FreeBSD code does this? Also, is there some method of adding the rules which guarantees the order in which they are applied?

I'm willing to work on fixing it if there is a need.

Thanks,
-Archie

_______________________________________________________________________________
Archie L. Cobbs, archie@tribe.com * Tribe Computer Works http://www.tribe.com