From owner-freebsd-stable Sat May 25 15:20:22 2002 Delivered-To: freebsd-stable@freebsd.org Received: from terminus.inext.hu (terminus.inext.hu [212.108.197.87]) by hub.freebsd.org (Postfix) with ESMTP id 86C2E37B403 for ; Sat, 25 May 2002 15:20:18 -0700 (PDT) Received: from home.fifteen.hu (home.fifteen.hu [212.108.199.82]) by terminus.inext.hu (8.12.3/8.12.3) with SMTP id g4PJNqQA074497 for ; Sat, 25 May 2002 21:23:53 +0200 (CEST) (envelope-from fifteen@inext.hu) Date: Sat, 25 May 2002 21:23:49 +0200 From: Peter Hollaubek To: freebsd-stable@FreeBSD.ORG Subject: ipfw limit Message-Id: <20020525212349.096149b2.fifteen@inext.hu> X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Greetings, I've been using the limit feature in ipfw, and has some notices, and suggestions about it. First, there seems to be seme problem with the handling of parent rules, and ipfw just gives the error message 'OUCH! cannot remove rule, count 1', and such. In the source it says it's a case that should never happen, and I have also found a PR with a patch fixing it. Is there any reason it was not commited, or at least commented by the one responsible for ipfw? Seems to be pretty disturbing on high traffic load machines. My other question/suggestion is about the default message ipfw gives, when the limit is exceeded. Could it be turned off somehow, or be a bit more informative? Some thousands of 'drop session, too many entries' lines in the log does not make too much sense for me. Thank you in advance: Peter Hollaubek To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message