From owner-freebsd-stable@FreeBSD.ORG  Thu Dec 21 20:22:39 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: stable@freebsd.org
Delivered-To: freebsd-stable@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B57A216A403
	for <stable@freebsd.org>; Thu, 21 Dec 2006 20:22:39 +0000 (UTC)
	(envelope-from rodrigo@liralink.com)
Received: from bloco-19.gmail.comdominio.com.br
	(bloco-19.gmail.comdominio.com.br [200.155.11.212])
	by mx1.freebsd.org (Postfix) with ESMTP id A6AE513C466
	for <stable@freebsd.org>; Thu, 21 Dec 2006 20:22:37 +0000 (UTC)
	(envelope-from rodrigo@liralink.com)
Received: (qmail 12106 invoked from network); 21 Dec 2006 19:54:29 -0000
Received: from unknown (HELO [10.0.0.8])
	(Authenticatedgmail:rodrigo@liralink.com@[41.222.255.83])
	(envelope-sender <rodrigo@liralink.com>)
	by bloco-19.gmail.comdominio.com.br (qmail-ldap-1.03) with SMTP
	for <V.Haisman@sh.cvut.cz>; 21 Dec 2006 19:54:25 -0000
Message-ID: <458AE655.7000800@liralink.com>
Date: Thu, 21 Dec 2006 20:53:57 +0100
From: Rodrigo Galiano <rodrigo@liralink.com>
Organization: GALICOM
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: =?UTF-8?B?VsOhY2xhdiBIYWlzbWFu?= <V.Haisman@sh.cvut.cz>
References: <458AD815.3010601@sh.cvut.cz>
In-Reply-To: <458AD815.3010601@sh.cvut.cz>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Cc: stable@freebsd.org
Subject: Re: Duplicate IPFW rules
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: rodrigo@liralink.com
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2006 20:22:39 -0000

Hi,


    Re-edit your script and on the first line at the following:

ipfw -f fl

    This line flushes the firewall script that is currently loaded 
before loading your script.


    Can you keep me posted.


Regards and a Merry Christmas,
-- 
Rodrigo Galiano Celestino
Internet & System Consultant
Celphone: +244 923 57 79 72



Václav Haisman escreveu:
> Hi,
> I have just noticed that ipfw list shows one rule twice. It could be that I
> have run a script that adds it twice:
> 
> shell::root:~> ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 01999 deny ip from table(1) to any
> 01999 deny ip from table(1) to any
> 65000 allow ip from any to any
> 65535 allow ip from any to any
> 
> Shouldn't IPFW check before adding the same rule number again?
> 
> This is FreeBSD 6.1 RC1 with quite recent kernel.
> 
> --
> Vaclav Haisman
>