Message-ID: <3D7F28FC.8030403@tcoip.com.br>
Date: Wed, 11 Sep 2002 08:29:00 -0300
From: "Daniel C. Sobral"
To: Luigi Rizzo
Cc: ipfw@FreeBSD.ORG
Subject: Re: ipfw2 vs. ipfw1 and 4.7

Luigi Rizzo wrote:
> On Tue, Sep 10, 2002 at 03:54:22PM -0300, Daniel C. Sobral wrote:
>
>>Luigi Rizzo wrote:
>>
>>>People,
>>>now that the release of 4.7 is approaching, i would really appreciate
>>>if you could give ipfw2 a try and see whether it breaks anything
>>>in your rulesets. Also have a look at the manpage highlighting the
>>>differences between ipfw1 and ipfw2 to see if your rulesets can be
>>>simplified/made more efficient.
>>
>>I love ipfw2, even though the breakage of fwd caused me a huge headache.
>
>
> which reminds me, i have to fix the byte order in port numbers in
> fwd actions...
>
>
>>As a side note, the man page mentions that 32 sets are available, but
>>set 31 is illegal when I try to use it (and sometimes produces very weird
>>results indeed).
>
>
> i guess i have to clarify the wording -- the manpage says
>
>     Each rule is associated to a set_number in the range 0..31, with
>     the latter reserved for the default rule. Sets can be individu-
>
> with which i meant to say that you cannot use set 31 for anything else,
> nor disable it.
>
> What "weird results" were you seeing ?

I printed a funny error message, I didn't try to track it down, though.
I use a complex set of shell functions to simplify my rules-writing (in
fact, the conversion to or-rules was easily done, with no modifications
required of the rules themselves). What I recall clearly was a weird
number (16-something -- five or six digits long). That was produced at
the beginning of my rules, in which I disabled and deleted set 31 (my
script now adds all rules in a disabled set, and swaps it with the main
set only if all rules are added successfully).

>
> cheers
> luigi

--
Daniel C. Sobral                   (8-DCS)
Operations Management
Data Communications Division
Security Coordination
TCO
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br

Other:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

Money can't buy love, but it improves your bargaining position.
                -- Christopher Marlowe
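The stage-then-swap loading mentioned in the message above, as an added example that is not part of the original message and is not the script it describes. The names IPFW, STAGE_SET, LIVE_SET, valid_set and load_ruleset, the rule numbering, and the one-rule-per-line input format are assumptions; set 31 is rejected because the quoted manpage text reserves it for the default rule.

```shell
#!/bin/sh
# Added example, not the script from the thread. IPFW, STAGE_SET, LIVE_SET,
# valid_set and load_ruleset are hypothetical names chosen for illustration.
IPFW=${IPFW:-ipfw}          # override to dry-run, e.g. IPFW=echo
STAGE_SET=${STAGE_SET:-1}   # scratch set, kept disabled while rules load
LIVE_SET=${LIVE_SET:-0}     # set that is filtering traffic

# Sets are numbered 0..31; 31 is reserved for the default rule, so only
# 0..30 may be staged, swapped or deleted.
valid_set() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 30 ]
}

# Reads rule bodies from stdin, one per line ('#' lines and blanks skipped).
# Body runs in a subshell so that "set -f" and the counters stay local.
load_ruleset() (
    valid_set "$STAGE_SET" && valid_set "$LIVE_SET" || exit 2
    [ "$STAGE_SET" -ne "$LIVE_SET" ] || exit 2
    set -f                                  # keep "via em*" etc. literal
    $IPFW -q delete set "$STAGE_SET" 2>/dev/null || true   # drop leftovers
    $IPFW set disable "$STAGE_SET" || exit 1
    num=1000 added=0
    while IFS= read -r rule; do
        case "$rule" in ''|'#'*) continue ;; esac
        # Word-splitting of $rule is intentional: ipfw wants separate args.
        if ! $IPFW -q add "$num" set "$STAGE_SET" $rule; then
            $IPFW -q delete set "$STAGE_SET"
            exit 1                          # live set was never touched
        fi
        num=$((num + 100)) added=$((added + 1))
    done
    # An empty staged set would leave only the default rule in force.
    [ "$added" -gt 0 ] || exit 1
    $IPFW set swap "$STAGE_SET" "$LIVE_SET" || exit 1
    $IPFW -q delete set "$STAGE_SET"        # old rules, now in the disabled set
)
```

Feed it a rules file with `load_ruleset < rules.txt`; exit status 2 means a bad set number, 1 means the live set was left unchanged.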