Date: Sun, 29 Apr 2001 08:42:20 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: David Wolfskill <david@catwhisker.org>
Cc: richw@webcom.com, current@FreeBSD.ORG
Subject: Re: ipfw: several equal rules under same number bug
Message-ID: <20010429084220.A50143@nagual.pp.ru>
In-Reply-To: <200104290422.f3T4Mx724878@bunrab.catwhisker.org>; from david@catwhisker.org on Sat, Apr 28, 2001 at 09:22:59PM -0700
References: <20010429081131.A49808@nagual.pp.ru> <200104290422.f3T4Mx724878@bunrab.catwhisker.org>

On Sat, Apr 28, 2001 at 21:22:59 -0700, David Wolfskill wrote:

> I have at least one application where I generate ipfw rules in a script,
> for a set of subnets which I read from a file at execution time. I am
> able to use the numbers to group the firewall rules, so that for any
> given subnet, I can predict the order in which the rules will be
> applied.

In the situation you describe you can _add_ rules without any harm, but you can't _delete_ some of them later - it causes totally unpredictable results, i.e. the delete operation really does not work in the current way. A better way will be to give all subnets unique number ranges.

--
Andrey A. Chernov
http://ache.pp.ru/
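
The unique-range approach suggested in the message above, as an added example that is not part of the original e-mail or of FreeBSD's own scripts: a dry-run generator that gives each subnet its own block of rule numbers, so every rule number is used once and a later delete can name exactly one rule. BASE, WIDTH, STEP, the two-rule template and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Dry run: prints ipfw commands instead of executing them.
# BASE, WIDTH, STEP and the two-rule template are illustrative assumptions.
BASE=10000   # first rule number of the first subnet's block
WIDTH=100    # rule numbers reserved per subnet
STEP=10      # spacing inside a block, leaves room for later inserts
MAX=65534    # 65535 is ipfw's built-in default rule

# block_start INDEX: print the first rule number of the INDEX-th (0-based)
# block, or fail if the block would run past the usable rule numbers.
block_start() {
    start=$((BASE + $1 * WIDTH))
    if [ $((start + WIDTH - 1)) -gt "$MAX" ]; then
        echo "block $1 would exceed rule number $MAX" >&2
        return 1
    fi
    echo "$start"
}

# gen_add INDEX SUBNET: print add commands, one unique number per rule.
gen_add() {
    start=$(block_start "$1") || return 1
    n=$start
    for tmpl in "allow ip from $2 to any" "allow ip from any to $2"; do
        echo "ipfw add $n $tmpl"
        n=$((n + STEP))
    done
}

# gen_delete INDEX COUNT: print delete commands for the first COUNT rules
# of one subnet's block; no other subnet shares these numbers.
gen_delete() {
    start=$(block_start "$1") || return 1
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "ipfw delete $((start + i * STEP))"
        i=$((i + 1))
    done
}

# gen_all: read subnets from stdin (blank lines and # comments skipped)
# and assign blocks in file order.
gen_all() {
    idx=0
    while read -r subnet; do
        case $subnet in ''|'#'*) continue ;; esac
        gen_add "$idx" "$subnet" || return 1
        idx=$((idx + 1))
    done
}
```

Source the file and pipe the subnet list into `gen_all` to review the generated commands before applying them.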