To: freebsd-questions@freebsd.org
Subject: Can IPFW keep state after a flush?
From: Kirk Strauser
Date: 24 Sep 2002 11:43:19 -0500
Message-ID: <87n0q7l4ns.fsf@pooh.int>

From what I can tell, ipfw's 'flush' command clears the ruleset *and* the
current list of dynamic (keep-state) rules. Is there any way to ask ipfw to
flush only the ruleset, but to leave the dynamic rules intact?

Ideally, ipfw could be made to compare the current dynamic rules against any
new rules that were added, which would allow a sysadmin to implement a new
ruleset on an already-running system without disturbing any current valid
connections. Is such a thing possible, or am I dreaming?

-- 
Kirk Strauser
In Googlis non est, ergo non est.