Date: Thu, 21 Dec 2006 12:10:10 -0800
From: Jeremy Chadwick
To: Václav Haisman
Cc: stable@freebsd.org, Kevin Downey
Subject: Re: Duplicate IPFW rules
Message-ID: <20061221201009.GA89332@icarus.home.lan>

On Thu, Dec 21, 2006 at 08:53:07PM +0100, Václav Haisman wrote:
> Huh, really? How is it useful? Please, explain.

I use the functionality you're questioning.
Each of my rule numbers (well, not all of them, but most of them) is for specific things, such as rule 3000 representing deny SSH attempts from any APNIC addresses, rule 3001 representing the same but for RIPE, etc. etc. I have multiple deny entries *per rule number*. Thus, when I delete one of those rule numbers, I delete all entries in that rule (e.g. if I have 15 deny statements in rule 3000, if I delete rule 3000, I delete all 15 of those deny statements).

So please, do not change this behaviour -- it's a useful feature.

--
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |