From owner-freebsd-security Tue Jan 9 9:59:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id B5E2237B6DA for ; Tue, 9 Jan 2001 09:58:53 -0800 (PST) Received: from wkst ([209.16.228.146]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id NAA20890 for ; Tue, 9 Jan 2001 13:04:32 -0500 Reply-To: From: "Peter Brezny" To: Subject: RE: What do these mean? Date: Tue, 9 Jan 2001 12:58:07 -0800 Message-ID: <002301c07a7e$de096700$46010a0a@sysadmininc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) In-reply-to: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If ipfw is so poorly written, is anyone working on cleaning it up, or are people just switching to ipforward? Peter Brezny SysAdmin Services Inc. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Dag-Erling Smorgrav Sent: Tuesday, January 09, 2001 2:12 AM To: cjclark@alum.mit.edu Cc: Marc Silver; freebsd-security@FreeBSD.ORG Subject: Re: What do these mean? "Crist J. Clark" writes: > Pretty much the best reason I can give is because that is just how it > works. Perhaps it is best to look at it this way, what would > "removing" them from the list gain you besides prettier output? There's a hard limit on the number of dynamic rules. This isn't the only bogosity related to dynamic rules in ipfw; for instance, 'ipfw list' always lists *all* dynamic rules even if you specify a rule number on the command line (it should only display dynamic rules which were created by the rules listed on the command line). Unfortunately, ipfw(8) is so poorly written that it's not at all trivial to fix. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message