Date: Wed, 11 Sep 2002 08:29:00 -0300 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: Luigi Rizzo <rizzo@icir.org> Cc: ipfw@FreeBSD.ORG Subject: Re: ipfw2 vs. ipfw1 and 4.7 Message-ID: <3D7F28FC.8030403@tcoip.com.br> References: <20020902082743.D87097@iguana.icir.org> <3D7E3FDE.6070805@tcoip.com.br> <20020910223029.D84624@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo wrote:
> On Tue, Sep 10, 2002 at 03:54:22PM -0300, Daniel C. Sobral wrote:
>
>>Luigi Rizzo wrote:
>>
>>>People,
>>>now that the release of 4.7 is approaching, i would really appreciate
>>>if you could give ipfw2 a try and see whether it breaks anything
>>>in your rulesets. Also have a look at the manpage highlighting the
>>>differences between ipfw1 and ipfw2 to see if your rulesets can be
>>>simplified/made more efficient.
>>
>>I love ipfw2, even though the breakage of fwd caused me a huge headache.
>
>
> which reminds me, i have to fix the byte order in port numbers in
> fwd actions...
>
>
>>As a side note, the man page mentions that 32 sets are available, but
>>set 31 is illegal when I try to use it (and sometimes produce very weird
>>results indeed).
>
>
> i guess i have to clarify the wording -- the manpage says
>
> Each rule is associated to a set_number in the range 0..31, with
> the latter reserved for the default rule. Sets can be individu-
>
> with wich i meant to say that you cannot use set 31 for anything else,
> nor disable it.
>
> What "weird results" were you seeing ?
I printed a funny error message, I didn't try to track it down, though.
I use a complex set of shell functions to simplify my rules-writting (in
fact, the convertion to or-rules was easily done, with no modifications
required of the rules themselves). What I recall clearly was a weird
number (16-something -- five or six digits long). That was produced at
the beginning of my rules, in which I disabled and deleted set 31 (my
script now adds all rules in a disabled set, and swap it with the main
set only if all rules are added succesfully).
>
> cheers
> luigi
--
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Outros:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
Money can't buy love, but it improves your bargaining position.
-- Christopher Marlowe
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D7F28FC.8030403>