From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 4 05:08:24 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93E0816A4CE; Wed, 4 Aug 2004 05:08:24 +0000 (GMT) Received: from smtp-out6.blueyonder.co.uk (smtp-out6.blueyonder.co.uk [195.188.213.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id D41AA43D49; Wed, 4 Aug 2004 05:08:23 +0000 (GMT) (envelope-from admin@asarian-host.net) Received: from cluster5 ([172.23.146.54]) by smtp-out6.blueyonder.co.uk with Microsoft SMTPSVC(5.0.2195.6713); Wed, 4 Aug 2004 06:08:40 +0100 Received: from mail pickup service by cluster5 with Microsoft SMTPSVC; Wed, 4 Aug 2004 06:04:22 +0100 Received: from smtp-in4.blueyonder.co.uk ([172.23.146.15]) by cluster5 with Microsoft SMTPSVC(5.0.2195.6713); Tue, 3 Aug 2004 17:07:29 +0100 Received: from eback03.blueyonder.co.uk ([195.188.53.214]) by smtp-in4.blueyonder.co.uk with Microsoft SMTPSVC(5.0.2195.6713); Tue, 3 Aug 2004 17:01:56 +0100 Received: from [172.23.164.205] (helo=anti-virus02-08.blueyonder.co.uk) by eback03.blueyonder.co.uk with smtp (Exim 4.32) id 1Bs1jO-0002bp-U6 for xtalsinger@blueyonder.co.uk; Tue, 03 Aug 2004 17:01:38 +0100 Received: from mx2.freebsd.org ([216.136.204.119]) by exim11.blueyonder.co.uk with esmtp (Exim 4.41) id 1Bs1jO-0000VA-BO for xtalsinger@blueyonder.co.uk; Tue, 03 Aug 2004 17:01:38 +0100 Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 7621255900; Tue, 3 Aug 2004 16:01:11 +0000 (GMT) (envelope-from owner-freebsd-questions@freebsd.org) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 63D4416A4E4; Tue, 3 Aug 2004 16:01:06 +0000 (GMT) Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03A8916A4CE for ; Tue, 3 Aug 2004 16:01:01 +0000 (GMT) Received: from mail.asarian-host.net (mail.asarian-host.net [194.109.160.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5594A43D60 for ; Tue, 3 Aug 2004 16:01:00 +0000 (GMT) SRS0=So2F/K8/=KZ=asarian-host.net=admin@asarian-host.net) Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email accounts can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi Received: (from root@localhost) by mail.asarian-host.net (8.13.0/8.13.0) id i73G0xin037704 for freebsd-questions@freebsd.org; Tue, 3 Aug 2004 18:00:59 +0200 (CEST) (envelope-from admin@asarian-host.net) From: Mark Received-SPF: pass (asarian-host.net: domain of admin@asarian-host.net designates sender IP as SASL permitted sender) Message-Id: <200408031600.I73G0W9L037695@asarian-host.net> Date: Tue, 03 Aug 2004 16:00:59 GMT X-Authenticated-Sender: admin@asarian-host.net X-Trace: +9bugMVvIj2HfaKeiX8K7qsylv8Ay0janHFosYbKsRkmJjVfB65vEYpvyTsi4ZtsAmWscwITa8PEu1e7rUyCcA== X-Complaints-To: abuse@asarian-host.net X-Abuse-Info: Please be sure to forward a copy of ALL headers, otherwise we are unable to process your complaint Organization: Asarian-host To: References: <20040803105731.197c7cd0.wmoran@potentialtech.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Auth: Asarian-host PGP signature iQEVAwUAQQ+2uzFqW1BleBN9AQFlLgf/Q+BZOD22GgjydqYeD36LLjlD0UgeIb8i MkWMXBgojFXTpXXJRod75il28e4C2ROnTum8JPPR1mdhDW5mPyRNXil7ctTX96Ow KsiyO7EKrFKJOHHiZhmf4VZjvp4VRrYnfdEvQusZsVLCOD7r3lU7hkLHqRn77Phu qcusSUu8SKLlQeGxX+xKJZqWhXIg2R7jrzrwqdvs+jhV7G2FNms+O2h/u6draCp4 QiXw6+B6SzVu9uIL83ixljctjFVYeh2UmyEZaCRaFWGLb4MamGiu00p1rwzI8llD aK/Ee86GC3QndZCcTyYhRucmpBdTZA6llXJaIuDRcWGHesbxV7U5NA== =PZ/3 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Sender: owner-freebsd-questions@freebsd.org Errors-To: owner-freebsd-questions@freebsd.org X-Sent-To: xtalsinger@blueyonder.co.uk X-OriginalArrivalTime: 03 Aug 2004 16:01:56.0354 (UTC) FILETIME=[3362F620:01C47973] cc: freebsd-hackers@freebsd.org Subject: Re: One OR MORE of source and destination addresses? X-BeenThere: freebsd-hackers@freebsd.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Aug 2004 05:08:24 -0000 Bill Moran wrote: > How about using skipto instead of allow? Thus, if it passes the > first one, it can just skipto the next rule to be checked. i.e.: > > ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32 > ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4 > > Thus, if rule 11 pases, it skips to rule 12. If it fails, it should > reject as always. The end result is that a packet _must_ pass both > rules to be allowed. I spoke too soon. :( It seems this sort of rules evokes a bug: http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-April/001084.html My whole console is flooded with messages like these: "ipfw: install_state: entry already present, done" Is there a known patch? Thanks, - Mark _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"