From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 29 13:50:01 2012
Date: Mon, 29 Oct 2012 13:50:01 GMT
Message-Id: <201210291350.q9TDo19H047215@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Ian Smith
Subject: Re: kern/165939: [ipw] bug: incomplete firewall rules loaded if tables are used in ipfw.conf
Reply-To: Ian Smith
List-Id: IPFW Technical Discussions

The following reply was made to PR kern/165939; it has been noted by GNATS.

From: Ian Smith
To: bug-followup@FreeBSD.org, hsn@sendmail.cz
Subject: Re: kern/165939: [ipw] bug: incomplete firewall rules loaded if tables are used in ipfw.conf
Date: Tue, 30 Oct 2012 00:17:39 +1100

This is not a bug but a feature, at least for those of us managing some or all ipfw tables independently of the ruleset. In such cases flushing tables would be a bug, requiring addition of all entries in tables used to be included in the ruleset before using service ipfw restart. This would be unwieldy at best, esp. for tables updated dynamically by hand and/or by other scripts monitoring logs and such (I use both).

I think ipfw(8) is clear enough that ipfw flush just flushes rules, not tables, nat or dummynet configs, but emphasising that may be helpful?

For those using tables only defined in their ruleset, adding 'ipfw table all flush' (or better, flushing particular tables used by the ruleset) before the first 'ipfw table add ..' command is certainly necessary.

cheers, Ian
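The loader pattern Ian describes, as an added example that is not part of the PR or of his mail: a ruleset script that flushes only the tables it owns before repopulating them, so that a restart does not leave stale entries behind, while a table maintained by an outside script (table 10 here) is never flushed. The table numbers, addresses and the `IPFW` override are assumptions for illustration; with `IPFW` pointed at the `fake_ipfw` shell function the script only prints the commands it would issue, which is how the ordering can be checked without touching a kernel.

```shell
#!/bin/sh
# Added example (not from the PR or the mail). Mirrors the advice that
# 'ipfw flush' removes rules only, so a ruleset that owns tables must
# flush those particular tables itself before re-adding their entries.
IPFW=${IPFW:-/sbin/ipfw}

# Tables fully defined by this ruleset (assumed numbers): safe to flush here.
RULESET_TABLES="1 2"
# Table 10 is assumed to be fed by a log-watching script: never flushed here.

# Stand-in for ipfw that just prints the command line (used for dry runs).
fake_ipfw() { printf 'ipfw %s\n' "$*"; }

load_ruleset_tables() {
    t=
    for t in $RULESET_TABLES; do
        # Flush only the tables this ruleset owns, not 'table all'.
        $IPFW table "$t" flush
    done
    # Constructed sample entries (documentation prefixes).
    $IPFW table 1 add 192.0.2.0/24
    $IPFW table 1 add 198.51.100.7
    $IPFW table 2 add 203.0.113.0/24
}

load_rules() {
    # Flushes rules only; tables, nat and dummynet configs are untouched.
    $IPFW -f flush
    $IPFW add 100 deny ip from "table(1)" to any
    $IPFW add 200 allow ip from "table(2)" to any
    # Externally managed table: referenced, never flushed or populated here.
    $IPFW add 300 deny ip from "table(10)" to any
    $IPFW add 65000 allow ip from any to any
}

# Prints every command the loader would run, in order, without executing ipfw.
# Runs in a subshell so the IPFW override does not leak into the caller.
dry_run() (
    IPFW=fake_ipfw
    load_ruleset_tables
    load_rules
)

# Real load when executed directly: tables first, then rules that reference them.
if [ "${1:-}" = "--dry-run" ]; then
    dry_run
elif [ "${1:-}" = "--load" ]; then
    load_ruleset_tables
    load_rules
fi
```

Run it as `sh ipfw_tables.sh --dry-run` to see the command sequence; the point to check is that each `table N flush` precedes the first `table N add` for that table, and that table 10 never appears in a flush line.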