Date: Tue, 03 Aug 2004 16:00:59 GMT
From: Mark <admin@asarian-host.net>
To: <freebsd-questions@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: One OR MORE of source and destination addresses?
Message-ID: <200408031600.I73G0W9L037695@asarian-host.net>
References: <20040803105731.197c7cd0.wmoran@potentialtech.com>

Bill Moran wrote:

> How about using skipto instead of allow? Thus, if it passes the
> first one, it can just skipto the next rule to be checked. i.e.:
>
> ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
> ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4
>
> Thus, if rule 11 passes, it skips to rule 12. If it fails, it should
> reject as always. The end result is that a packet _must_ pass both
> rules to be allowed.

I spoke too soon. :( It seems this sort of rule evokes a bug:

http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-April/001084.html

My whole console is flooded with messages like these:

"ipfw: install_state: entry already present, done"

Is there a known patch?

Thanks,

- Mark