From: dfolkins
To: Kirk Strauser, freebsd-questions@freebsd.org
Date: Tue, 24 Sep 2002 16:17:22 -0400
Subject: Re: Can IPFW keep state after a flush?
Message-id: <001301c26407$63eb2a20$0a00a8c0@groovy3xp>
References: <87n0q7l4ns.fsf@pooh.int>

----- Original Message -----
From: "Kirk Strauser"
To:
Sent: Tuesday, September 24, 2002 12:43 PM
Subject: Can IPFW keep state after a flush?

> From what I can tell, ipfw's 'flush' command clears the ruleset *and* the
> current list of dynamic (keep-state) rules. Is there any way to ask ipfw to
> flush only the ruleset, but to leave the dynamic rules intact? Ideally,
> ipfw could be made to compare the current dynamic rules against any new
> rules that were added, which would allow a sysadmin to implement a new
> ruleset on an already-running system without disturbing any current valid
> connections. Is such a thing possible, or am I dreaming?

Only solution I can think of is to add new rules from commandline, in
addition to adding them to the ruleset.

-- dfolkins
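
The workaround suggested in the reply above, as an added example that is not part of the original message or of FreeBSD itself: a shell function that installs a rule in the running ruleset with `ipfw add` and appends the same line to the rules file, so no `flush` is issued and existing dynamic rules are left alone. The function name `add_rule_live` and the default rules-file path are assumptions, and the file is assumed to hold ipfw commands without the leading `ipfw` (the format `ipfw /path/to/file` reads).

```shell
#!/bin/sh
# Added example: apply one ipfw rule live and persist it, without "ipfw flush"
# (flush would also drop the dynamic keep-state rules).
# Assumptions: RULES_FILE holds ipfw commands without the leading "ipfw";
# the default path below is hypothetical.
IPFW="${IPFW:-/sbin/ipfw}"
RULES_FILE="${RULES_FILE:-/etc/ipfw.rules}"

# add_rule_live NUMBER RULE-BODY...
# e.g. add_rule_live 1500 allow tcp from any to me 22 setup keep-state
add_rule_live() {
    num="$1"; shift
    case "$num" in
        ''|*[!0-9]*) echo "rule number must be numeric: $num" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "missing rule body" >&2; return 2; }
    line="add $num $*"

    # Skip lines already persisted, so a rerun does not install a duplicate
    # rule under the same number in the running ruleset.
    if [ -f "$RULES_FILE" ] && grep -qxF -- "$line" "$RULES_FILE"; then
        echo "already in $RULES_FILE: $line" >&2
        return 0
    fi

    # Install into the running ruleset first; persist only if ipfw accepted
    # the rule, so the file never contains a line that fails at boot.
    "$IPFW" -q add "$num" "$@" || { echo "ipfw rejected: $line" >&2; return 1; }
    printf '%s\n' "$line" >> "$RULES_FILE"
}
```

Choose rule numbers that place the new rule where it belongs relative to the existing `check-state` and deny rules, since ipfw evaluates rules in numeric order.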