Date: Thu, 18 Sep 2014 08:34:43 +0800 From: bycn82 <bycn82@gmail.com> To: Freddie Cash <fjwcash@gmail.com>, Willem Jan Withagen <wjw@digiware.nl> Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org> Subject: Re: IPFW rule sets and automatic rule numbering Message-ID: <541A28A3.2090300@gmail.com> In-Reply-To: <CAOjFWZ68P8mRmanBKdpc_=GQ1vWUhd3G00MvKKWHPpHSLJoA_A@mail.gmail.com> References: <CAOjFWZ4rx4FAc4AoPw3d=cSg4-z_QOWEF=phkT2PuzfUjn0y5A@mail.gmail.com> <CAOjFWZ6i1%2BgCZ9jMnBNEGqL7airdxN3d=B0__Z_Zj1gGG4APKg@mail.gmail.com> <541469D4.6070107@gmail.com> <CAOjFWZ749EazFz1prFRfidp9bqmqO%2B=%2BXFsu7mVtE%2Bnq2CxwKw@mail.gmail.com> <54156FBB.1030907@digiware.nl> <CAOjFWZ4yhLd=kSLAnSYR=%2BoG3CW5HuptWOGPMbzamS7EHvavng@mail.gmail.com> <CAOjFWZ68P8mRmanBKdpc_=GQ1vWUhd3G00MvKKWHPpHSLJoA_A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/17/14 22:58, Freddie Cash wrote: > Just to summarise everything: > > 1. Automatic rule numbering works beautifully if you only ever use > the default rule set (set 0). Meaning, if you don't use any set > commands at all. > > 2. If you manually number every rule, then using rule sets works > beautifully. > > 3. Doing a little set manipulation allows you to load updated rules > without disconnecting anyone or dropping any packets: > disable set 1 > load rules into set 1 > enable set 1 you dont need below steps. > swap set 1 0 > disable set 1 > > I understand how everything works a little bit better now. Thanks for > all the help and pointers and discussion. > > -- > Freddie Cash > fjwcash@gmail.com <mailto:fjwcash@gmail.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?541A28A3.2090300>