Date: Mon, 20 Jan 2003 17:32:23 -0800 From: Luigi Rizzo <rizzo@icir.org> To: "Simon L. Nielsen" <simon@nitro.dk> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: Sanity check in ipfw(8) Message-ID: <20030120173223.A83271@xorpc.icir.org> In-Reply-To: <20030121012046.GG351@nitro.dk>; from simon@nitro.dk on Tue, Jan 21, 2003 at 02:20:47AM %2B0100 References: <20030121004353.GF351@nitro.dk> <20030120165940.A65713@xorpc.icir.org> <20030121012046.GG351@nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 21, 2003 at 02:20:47AM +0100, Simon L. Nielsen wrote: ... > Ok - the extra check was only to make the user aware simple errors (that > ipfw1 did not allow). If you don't think the checks should be there then > I can live with that so the PR can be closed. yes i honestly believe that it is better to avoid the userland code being too smart. E.g. ipfw accepts things such as allow ip from any to any 53 which matches both tcp and udp to port 53 -- ipfw1 did not accept this, and needed two rules for this very common thing. cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030120173223.A83271>