Date:      Tue, 16 Dec 2014 09:33:17 +0330
From:      s m <sam.gh1986@gmail.com>
To:        freebsd-questions <freebsd-questions@freebsd.org>, Gary Aitken <freebsd@dreamchaser.org>,  "from: Lowell Gilbert" <freebsd-questions-local@be-well.ilk.org>
Subject:   Re: can ipfw check all permit rules without search termination?
Message-ID:  <CAA_1SgE1WGnAhok15Bb2QY5ipBRZeWvhaXK-byMAGFhBSq63pQ@mail.gmail.com>
In-Reply-To: <548F7869.2040705@dreamchaser.org>
References:  <CAA_1SgF1Fa4wV0uRpOWqD1k2zUqtugbNhnDF%2Bh-HCoAn7fjsAw@mail.gmail.com> <548F7869.2040705@dreamchaser.org>

Hello guys,

Thanks for your answers. You know, I have different services and each one
writes ipfw rules at different times. I want to aggregate all rules. I
mean, if two rules which are written by two different services overlap
(for example, rule number 222 permits packets with 192.168.5.5 src address
while rule number 225 permits packets with 192.168.5.5 src address and sets
next-hop 192.168.10.2 for them), the rule which is more specified should match.
In my example, I want rule number 222 to match for packets.
In other words, ipfw uses the "first match wins" search method. Can I change
this method?


