From: "D. Penev"
To: Kirk Strauser
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Can IPFW keep state after a flush?
Date: Tue, 24 Sep 2002 23:01:59 +0000
Message-ID: <20020924230159.GA310@earth.dpsca.bg>
In-Reply-To: <87n0q7l4ns.fsf@pooh.int>

On Tue, Sep 24, 2002 at 11:43:19AM -0500, Kirk Strauser wrote:
>To: freebsd-questions@freebsd.org
>Subject: Can IPFW keep state after a flush?
>From: Kirk Strauser
>Date: 24 Sep 2002 11:43:19 -0500
>
>From what I can tell, ipfw's 'flush' command clears the ruleset *and* the
>current list of dynamic (keep-state) rules.  Is there any way to ask ipfw to
>flush only the ruleset, but to leave the dynamic rules intact?  Ideally,

From ip_fw.c:

[snip]
 * Each dynamic rules holds a pointer to the parent ipfw rule so
 * we know what action to perform. Dynamic rules are removed when
 * the parent rule is deleted.
[snip]

From ip_fw2.c:

 * Each dynamic rule holds a pointer to the parent ipfw rule so
 * we know what action to perform. Dynamic rules are removed when
 * the parent rule is deleted. XXX we should make them survive.

>ipfw could be made to compare the current dynamic rules against any new
>rules that were added, which would allow a sysadmin to implement a new
>ruleset on an already-running system without disturbing any current valid
>connections.  Is such a thing possible, or am I dreaming?
>-- 
>Kirk Strauser
>In Googlis non est, ergo non est.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

-- 
Regards,
D. Penev
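
The parent-pointer coupling quoted from ip_fw.c above, as an added example that is not part of the original message or of the FreeBSD source: a simplified user-space C model showing why deleting or flushing static rules also removes the dynamic entries that point at them. All struct and function names are hypothetical.

```c
/* Simplified user-space model, not FreeBSD kernel code; every name here is
 * hypothetical. It mirrors only the parent-pointer coupling in the comment. */
#include <stdio.h>
#include <stdlib.h>

struct rule { int num; struct rule *next; };            /* static rule */
struct dyn  { struct rule *parent; struct dyn *next; }; /* keep-state entry */
static struct rule *rules;   /* static ruleset */
static struct dyn  *dyns;    /* dynamic entries; action is read via parent */

struct rule *add_rule(int num) {
    struct rule *r = malloc(sizeof *r);
    if (!r) abort();
    r->num = num; r->next = rules; rules = r;
    return r;
}
void add_dyn(struct rule *parent) {
    struct dyn *d = malloc(sizeof *d);
    if (!d) abort();
    d->parent = parent; d->next = dyns; dyns = d;
}
/* Remove every dynamic entry that points at r. Keeping one would leave a
 * dangling parent pointer as soon as r is freed. */
static void purge_dyn(const struct rule *r) {
    for (struct dyn **pp = &dyns; *pp; ) {
        struct dyn *d = *pp;
        if (d->parent == r) { *pp = d->next; free(d); }
        else pp = &d->next;
    }
}
int delete_rule(int num) {   /* returns 1 if a rule was deleted, else 0 */
    for (struct rule **pp = &rules; *pp; pp = &(*pp)->next) {
        struct rule *r = *pp;
        if (r->num != num) continue;
        purge_dyn(r);        /* children go first, then the parent */
        *pp = r->next; free(r);
        return 1;
    }
    return 0;
}
void flush(void) { while (rules) delete_rule(rules->num); }
int dyn_count(void) { int n = 0; for (struct dyn *d = dyns; d; d = d->next) n++; return n; }

int main(void) {
    struct rule *a = add_rule(100);
    add_dyn(a); add_dyn(a);  /* two established connections matched rule 100 */
    flush();
    printf("dynamic entries after flush: %d\n", dyn_count());
    return 0;
}
```

In this model, letting state survive a flush would require each dynamic entry to carry its own copy of the action or to be re-attached to a rule in the new ruleset before the old parent is freed.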