From: Dmitry Pryanishnikov
Date: Tue, 26 Dec 2006 12:18:51 +0200 (EET)
To: Václav Haisman
Cc: stable@freebsd.org, Kevin Downey, Scott Ullrich
Subject: Re: Duplicate IPFW rules
Message-ID: <20061226120838.M28171@atlantis.atlantis.dp.ua>
In-Reply-To: <458AEC99.1040003@sh.cvut.cz>

Hello!

On Thu, 21 Dec 2006, Václav Haisman wrote:

>> One example feature is to be able to delete many rules at once.  If
>> you know that a specific rule number holds rules (example: time based
>> rules) then the script has less work to do.  Now granted since sets
>> were introduced this can be done via this method but this feature has
>> been useful (at least to me) for years and years now.
>>
>> Scott
> Oh, I did not realise this use. Hmm...still, I thought that this is what
> tables are for :)

  The ability to have several distinct ipfw rules with the same rule_number
is also useful for the purposes of traffic accounting. Say, you should
tally traffic received via some interface + traffic from the proxy-server
together for some user:

ipfw add 3000 count all from any to user in recv ext0
ipfw add 3000 count tcp from proxy 3128 to user out

and just teach the traffic accounting utility to sum up byte counts for the
rules with the same number. Very handy, and not doable via lookup tables.

> VH

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE
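
Added example, not part of the original message: one way an accounting script could sum the counters of rules that share a rule number, as the message describes. It assumes `ipfw show` prints rule number, packet count and byte count as the first three fields of each line; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): per-rule-number totals
# from `ipfw show` output, so rules sharing a number are tallied together.
# Assumed line layout: <rule_number> <packets> <bytes> <rule body...>

sum_by_rule() {
    awk '
        # Counter lines only: first three fields must be plain integers.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            n = $1 + 0          # "03000" -> 3000
            rules[n]++          # how many rules share this number
            pkts[n]  += $2
            bytes[n] += $3
        }
        END {
            # %.0f rather than %d: some awk builds clamp %d to 32 bits,
            # and byte counters pass that quickly.
            for (n in bytes)
                printf "%d %d %.0f %.0f\n", n, rules[n], pkts[n], bytes[n]
        }
    ' | sort -n
}

# Constructed sample input (addresses are documentation placeholders for
# the "user" and "proxy" hosts in the message).
sample_show() {
    cat <<'EOF'
02900   10     840 allow ip from any to any via lo0
03000 1200 1500000 count ip from any to 192.0.2.10 in recv ext0
03000  300  250000 count tcp from 192.0.2.2 3128 to 192.0.2.10 out
03100   50    4000 count ip from any to 192.0.2.11 in recv ext0
EOF
}

# Output columns: rule_number rules_sharing_it packets bytes
# On a live host: ipfw show | sum_by_rule
sample_show | sum_by_rule
```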