Date: Mon, 21 Sep 1998 01:50:19 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
To: "N. N.M" <madrapour@hotmail.com>
Cc: security@FreeBSD.ORG
Subject: Re: Show & LIST commands in IPFW
Message-ID: <Pine.BSF.3.96.980921012141.5955C-100000@aniwa.sky>
In-Reply-To: <19980920123918.479.qmail@hotmail.com>

On Sun, 20 Sep 1998, N. N.M wrote:

> I use IPFW with around 9000 rules. These 9000 rules are active in
> system's databases, but I can't browse them by using the SHOW or LIST
> commands. Using these commands causes the following message and then
> auto-rebooting of system:

Probably this should be a moot point. Probably you should rewrite your
ruleset to use less rules. If you can describe in general terms what
you're trying to do with this ruleset, then you're halfway to
generalising the rules. Using skipto and a bit of thought about the
similarities between different rules you use you should be able to knock
it right down. You'll probably get a performance win as well as
recovering your list/show functionality.

The 'list' routine in ipfw.c defines

	struct ip_fw rules[1024];

I haven't read in depth, so there may be gotchas, but it looks like it's
probably an easy fix.

Andrew McNaughton
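
The fixed-size listing buffer pointed out in the message above, set beside a growing-buffer alternative. This is an added example, not part of the original e-mail and not code from ipfw.c: `struct rule`, `fetch_rules`, `list_fixed` and `list_all` are hypothetical stand-ins, and the rule table is constructed in memory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a rule record; not the real struct ip_fw. */
struct rule { unsigned short number; unsigned long pkts; };

static struct rule *table;   /* constructed stand-in for the active ruleset */
static size_t table_count;

static void table_init(size_t n) {
    free(table);
    table = calloc(n, sizeof *table);
    table_count = table ? n : 0;
    for (size_t i = 0; i < table_count; i++)
        table[i].number = (unsigned short)(i + 1);
}

/* Stand-in for the copy-out call: writes at most *len bytes of whole
 * records into buf and sets *len to the number of bytes written. */
static void fetch_rules(void *buf, size_t *len) {
    size_t want = table_count * sizeof(struct rule);
    if (*len > want) *len = want;
    *len -= *len % sizeof(struct rule);
    if (*len) memcpy(buf, table, *len);
}

/* Fixed-capacity listing: entries past the 1024th never reach the caller. */
size_t list_fixed(struct rule out[1024]) {
    size_t len = 1024 * sizeof(struct rule);
    fetch_rules(out, &len);
    return len / sizeof(struct rule);
}

/* Growing listing: retry with a doubled heap buffer until the reply is
 * strictly smaller than the buffer, which shows nothing was cut off. */
struct rule *list_all(size_t *count) {
    size_t cap = 1024 * sizeof(struct rule), len;
    struct rule *buf = NULL, *tmp;
    for (;;) {
        if ((tmp = realloc(buf, cap)) == NULL) { free(buf); return NULL; }
        buf = tmp; len = cap;
        fetch_rules(buf, &len);
        if (len < cap) break;
        cap *= 2;
    }
    *count = len / sizeof(struct rule);
    return buf;
}
```

The caller owns the buffer returned by `list_all` and releases it with `free`.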