Date: Mon, 29 Oct 2012 13:50:01 GMT
From: Ian Smith <smithi@nimnet.asn.au>
To: freebsd-ipfw@FreeBSD.org
Subject: Re: kern/165939: [ipw] bug: incomplete firewall rules loaded if tables are used in ipfw.conf
Message-ID: <201210291350.q9TDo19H047215@freefall.freebsd.org>
The following reply was made to PR kern/165939; it has been noted by GNATS.

From: Ian Smith <smithi@nimnet.asn.au>
To: bug-followup@FreeBSD.org, hsn@sendmail.cz
Cc:
Subject: Re: kern/165939: [ipw] bug: incomplete firewall rules loaded if tables are used in ipfw.conf
Date: Tue, 30 Oct 2012 00:17:39 +1100

This is not a bug but a feature, at least for those of us managing some or all ipfw tables independently of the ruleset.

In such cases flushing tables would be a bug, requiring addition of all entries in tables used to be included in the ruleset before using service ipfw restart. This would be unwieldy at best, esp. for tables updated dynamically by hand and/or by other scripts monitoring logs and such (I use both).

I think ipfw(8) is clear enough that ipfw flush just flushes rules, not tables, nat or dummynet configs, but emphasising that may be helpful?

For those using tables only defined in their ruleset, adding 'ipfw table all flush' (or better, flushing particular tables used by the ruleset) before the first 'ipfw table add ..' command is certainly necessary.

cheers, Ian
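
Added example, not part of the message above and not code from the PR or from ipfw: a small check that reads a ruleset on stdin and names every table it populates without an earlier 'table <name> flush' or 'table all flush', which is the case where entries from a previous load survive a restart. The function name, the sample ruleset and its addresses are constructed for illustration; it assumes one ipfw command per line, either bare ("table 1 add ...") or prefixed ("ipfw -q table 1 add ...").

```shell
#!/bin/sh
# Added example: list tables that are populated before they are flushed.

unflushed_tables() {
    # Reads a ruleset on stdin, prints one table name per line.
    awk '
    {
        sub(/#.*/, "")                     # drop trailing comments
        for (i = 1; i <= NF; i++) if ($i == "table") break
        if (i + 2 > NF) next               # no "table <name> <cmd>" here
        name = $(i + 1); cmd = $(i + 2)
        if (cmd == "flush") {
            if (name == "all") all_flushed = 1
            else flushed[name] = 1
        } else if (cmd == "add" && !all_flushed &&
                   !(name in flushed) && !(name in reported)) {
            reported[name] = 1             # report each table once
            print name
        }
    }'
}

# Constructed sample ruleset: table 1 is flushed first, table 2 is not.
sample_ruleset() {
cat <<'EOF'
-f flush
table 1 flush
table 1 add 192.0.2.0/24
table 2 add 198.51.100.7      # entries from earlier loads stay in table 2
add 100 deny ip from table(1) to any
add 110 deny ip from table(2) to any
EOF
}

sample_ruleset | unflushed_tables      # prints: 2
```

A table reported here is not necessarily wrong: as the message says, tables maintained outside the ruleset are deliberately left unflushed.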