From owner-freebsd-questions@FreeBSD.ORG  Fri Dec 28 14:18:33 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9D34216A418
	for <freebsd-questions@freebsd.org>;
	Fri, 28 Dec 2007 14:18:33 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143])
	by mx1.freebsd.org (Postfix) with ESMTP id EDB7113C447
	for <freebsd-questions@freebsd.org>;
	Fri, 28 Dec 2007 14:18:31 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (smithi@localhost)
	by gaia.nimnet.asn.au (8.8.8/8.8.8R1.5) with SMTP id BAA03226;
	Sat, 29 Dec 2007 01:18:21 +1100 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Sat, 29 Dec 2007 01:18:20 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
In-Reply-To: <20071228091722.720C016A480@hub.freebsd.org>
Message-ID: <Pine.BSF.3.96.1071229004129.11357B-100000@gaia.nimnet.asn.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-questions@freebsd.org, Noah <admin2@enabled.com>
Subject: Re: removing ipfw rules
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Dec 2007 14:18:33 -0000

On Fri, 28 Dec 2007 02:21:54 +0200 Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
 > On 2007-12-27 15:47, Noah <admin2@enabled.com> wrote:
 > > Hi,
 > >
 > > I have two ipfw rules that I want to remove.  They are viewable with the
 > > "ipfw show" command
 > >
 > >
 > > --- snip ---
 > >
 > > 06600      0         0 allow ip from any to any proto tcp src-ip
 > > 66.66.66.66 dst-port 22
 > > 06700      0         0 allow ip from any to any proto tcp src-ip
 > > 66.66.66.66 dst-port 22
 > >
 > > --- snip ----
 > >
 > > I am typing the command "/sbin/ipfw -q delete pass proto tcp src-ip
 > > 66.66.66.66 dst-port 22"
 > >
 > > but both lines remain.  What am I doing wrong?
 > 
 > There are differences between the visible rule:
 > 
 >     allow ip from any to any proto tcp src-ip 66.66.66.66 dst-port 22
 > 
 > and the one you are trying to delete:
 > 
 >     pass proto tcp src-ip 66.66.66.66 dst-port 22
 > 
 > Having said that, can you try something simpler, i.e.
 > 
 >     ipfw -q delete 6600
 >     ipfw -q delete 6700
 > 
 > This should work too, if I remember well enough the ipfw syntax.

You do, but deleting by rule number/s is the only way.  ipfw(8):

     ipfw [-q] {delete | zero | resetlog} [set] [number ...]

Of course Noah could find rule number/s to delete with something like

  # ipfw delete `ipfw list | grep $somestring | awk '{print $1}'`

if he was, um, courageous :)  Safer tested first with ipfw show ..

cheers, Ian