Date: Thu, 21 Dec 2006 12:10:10 -0800
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Václav Haisman <V.Haisman@sh.cvut.cz>
Cc: stable@freebsd.org, Kevin Downey <redchin@gmail.com>
Subject: Re: Duplicate IPFW rules
Message-ID: <20061221201009.GA89332@icarus.home.lan>
In-Reply-To: <458AE623.4070701@sh.cvut.cz>
References: <458AD815.3010601@sh.cvut.cz> <1d3ed48c0612211144s631e2cendbfcfb6acfae9ef1@mail.gmail.com> <458AE623.4070701@sh.cvut.cz>

On Thu, Dec 21, 2006 at 08:53:07PM +0100, Václav Haisman wrote:
> Huh, really? How is it useful? Please, explain.

I use the functionality you're questioning. Each of my rule numbers (well, not all of them, but most of them) is for specific things, such as rule 3000 representing deny SSH attempts from any APNIC addresses, rule 3001 representing the same but for RIPE, etc. I have multiple deny entries *per rule number*.

Thus, when I delete one of those rule numbers, I delete all entries in that rule (e.g. if I have 15 deny statements in rule 3000, if I delete rule 3000, I delete all 15 of those deny statements).

So please, do not change this behaviour -- it's a useful feature.

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |