Date: Wed, 26 Feb 1997 14:40:06 -0700 (MST)
From: Brandon Gillespie <brandon@cold.org>
To: "Jonathan M. Bresler" <jmb@freefall.freebsd.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw rules problems (NOT operator?)
Message-ID: <Pine.NEB.3.95.970226143851.3510A-100000@cold.org>
In-Reply-To: <199702262103.NAA03088@freefall.freebsd.org>

> Brandon,
> it seems to me that "deny all not from ${onet}:${omask} to any"
> is the same as "allow all from ${onet}:${omask} to any"
>
> why not:
>
> allow packets from 206.81.134.0
> allow packets "filter based on protocol and port"
> drop all other packets
>
> do I not understand what you wish to achieve?
> in short it is not clear to me what packets you want to allow

They are SORT OF equivalent, _except_ that I want to further add additional
rules. When the packet matches 'allow all from blah' it drops out of the
rule checking, and isn't affected anymore. This is NOT what I want--I
want to further check for ports and protocols.
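The difference discussed in this message, as an added example that is not part of the original e-mail: a simplified Python model of first-match rule evaluation (not ipfw itself), comparing an "allow from net" first rule with a "deny not from net" first rule. The /24 mask, the SMTP port rule and the sample packets are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    proto: str
    dport: int


# Network from the thread; the /24 mask is an assumption (${omask} is not given).
ONET = ip_network("206.81.134.0/24")


def from_onet(p):
    return ip_address(p.src) in ONET


def smtp(p):
    # Constructed "protocol and port" filter for the example.
    return p.proto == "tcp" and p.dport == 25


def evaluate(rules, pkt):
    """First matching rule decides and ends rule checking; default is deny."""
    for number, (action, match) in enumerate(rules):
        if match(pkt):
            return action, number
    return "deny", None


# Variant 1: allow the network first. A matching packet never reaches the
# port rule, and packets from outside can still match the port rule (OR).
ALLOW_FIRST = [("allow", from_onet), ("allow", smtp), ("deny", lambda p: True)]

# Variant 2: deny everything NOT from the network first. Packets from the
# network fall through and must also pass the port rule (AND).
DENY_NOT_FIRST = [("deny", lambda p: not from_onet(p)), ("allow", smtp),
                  ("deny", lambda p: True)]

# Constructed sample packets.
INSIDE_SMTP = Packet("206.81.134.10", "tcp", 25)
INSIDE_TELNET = Packet("206.81.134.10", "tcp", 23)
OUTSIDE_SMTP = Packet("192.0.2.7", "tcp", 25)

if __name__ == "__main__":
    for pkt in (INSIDE_SMTP, INSIDE_TELNET, OUTSIDE_SMTP):
        print(pkt, evaluate(ALLOW_FIRST, pkt), evaluate(DENY_NOT_FIRST, pkt))
```
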
