From owner-freebsd-ipfw@freebsd.org Sat May 5 19:20:32 2018 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B7B2DFB7450 for ; Sat, 5 May 2018 19:20:32 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 417036F0AD for ; Sat, 5 May 2018 19:20:32 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qk0-x235.google.com with SMTP id d125so19141245qkb.8 for ; Sat, 05 May 2018 12:20:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=guzohACE3kuvDUwA8D2fbYCBhbQj9K0WMKUDe2FSiDM=; b=D1HIdEBiMLqs17jAYz3GU/ddci/tY0ppkg3uIb76Q8hKb07x+a04zhJUZnPUVJKQVv 9OP3dCTLforf7WlxivJrApjQK5wR9CLCXxAwQ+4kax0bJ51SpoaWWPT1CkLtE8HMLETO Kr+U/YMpyLE+jdyUL2S4CO7Tdg8H3KJ4eBc68Ivnvw0Lk2V6d6Rip9NxqXSoxrmA5+nl L9goBbBrmdLa2OTYnuL+yKH/rhaLa0ndE7eCCnQZUDnhz1x0Y0GSX2TtKC0GC8fOsBfX uqFCdK8dXUSIhrW/Maiz+vDBC/DmGverWRXHT+MvJICkvp/xc/Z5KizjpPGcUfbAVKpF lJKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=guzohACE3kuvDUwA8D2fbYCBhbQj9K0WMKUDe2FSiDM=; b=eIiwYcYxHOfhk04aiX8po8bKVtCDV345Al/Q/HQBqi2A9caZX8QAUdA7jr2zmYYvEL y7UYYqajqdscrWxrldvN3GLOqXyZdRihO5uTrt73J1IYTLM7WwS36Fn1L1U2SkRcp2e9 oNKyuUq8xCY++y4nLjRd9sXn2mlAYd3CxR+wfqVVoCZayG21rC9Wp3KdkPJzPSqHmX6y DxoXm9D6VSciIYQ+drsxfC3jYXyfykPpKPlL4GvT4Sgi/rnY/7o+gT4PDjYTpaz9LP96 RsQbcQCfCEyaaRhTEYYHK8yxH2KVEjxS0XTtlX4GJfvPJYNvK2cQ1mL889XCh0JSrbqv PPsg== X-Gm-Message-State: ALQs6tBxensjKwIbVsw91zdwSRVKHX9lATiYrBW7WaYrAoLRKu+149dI la+uYvF9EE3bsC4dRmGow4MEHkVxRLBvkZF1r3BhtMyD3xg= X-Google-Smtp-Source: AB8JxZrQ7SFl9NhQqmB/1zES3RlEgA8LG8EoR4jclw4b7XeWYluag6Pt4yDrCPkGPSsySya5aqPvWWj/bKKW/T7wZ30= X-Received: by 10.55.151.4 with SMTP id z4mr26229931qkd.138.1525548031321; Sat, 05 May 2018 12:20:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.41.92 with HTTP; Sat, 5 May 2018 12:20:30 -0700 (PDT) In-Reply-To: <9d710171-22ff-7df9-a803-eca8469ad61f@freebsd.org> References: <201805011503.w41F3PxP026423@pdx.rh.CN85.dnsmgr.net> <81ced915-4dae-26c0-bc43-5ff5299d00d0@freebsd.org> <30b5e916-60ef-c3fa-1f80-5858d0d6717c@freebsd.org> <11885361525386183@web50g.yandex.ru> <9d710171-22ff-7df9-a803-eca8469ad61f@freebsd.org> From: Michael Sierchio Date: Sat, 5 May 2018 12:20:30 -0700 Message-ID: Subject: Re: removing some error states To: "freebsd-ipfw@freebsd.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 May 2018 19:20:32 -0000 Hi, Julian - On Sat, May 5, 2018 at 11:03 AM, Julian Elischer wrote: >... > it was never "ignore errors" It's "ignore a certain class of error". > > table 3 add 1.1.1.1 >>> table 3 add 1.1.1.1 <- no error.. this is what I want.. >>> >> I'm wondering if it shouldn't be atomically idempotent, or... On a public-facing machine, I throttle all traffic until I get a successful auth event, and then add an IP to a table containing a whitelist, which bypasses the restrictive pipes. With a time_t value denoting when it was added. It would be nice if it simply replaced the arg value table 3 add 1.1.1.1 1525547787 and sometime later table 3 add 1.1.1.1 1525576587 which I'd like to succeed. With 11.0+ I can do this atomically with two tables and swap them, but... > table 3 swap 21 <-- doesn't quit, but doesn't generate a new >> >> +1 on this. Again, UPSERT semantics instead of DELETE-then-CREATE, or CREATE. - M