From owner-freebsd-ipfw@FreeBSD.ORG Wed Sep 13 09:38:37 2006 Return-Path: X-Original-To: ipfw@freebsd.org Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17E0816A417 for ; Wed, 13 Sep 2006 09:38:37 +0000 (UTC) (envelope-from bts@iae.nl) Received: from smtp-vbr3.xs4all.nl (smtp-vbr3.xs4all.nl [194.109.24.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 43E8E43D49 for ; Wed, 13 Sep 2006 09:38:35 +0000 (GMT) (envelope-from bts@iae.nl) Received: from btsoftware.com (a80-126-117-160.adsl.xs4all.nl [80.126.117.160]) by smtp-vbr3.xs4all.nl (8.13.6/8.13.6) with SMTP id k8D9cY5G036220 for ; Wed, 13 Sep 2006 11:38:34 +0200 (CEST) (envelope-from bts@iae.nl) Received: from anaconda (anaconda.office [192.168.0.12] ) by btsoftware.com (Hethmon Brothers Smtpd) ; Wed, 13 Sep 2006 11:38:33 +0200 Message-Id: <200609131138.3334981.6@btsoftware.com> From: "Martin" To: "ipfw@freebsd.org" , "Jin Guojun [VFFS]" Date: Wed, 13 Sep 2006 11:38:32 +0200 (CDT) Priority: Normal X-Mailer: PMMail 2.20.2380 for OS/2 Warp 4.5 In-Reply-To: <4507539A.5000502@lbl.gov> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Virus-Scanned: by XS4ALL Virus Scanner Cc: Subject: Re: maximum deny entries? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Martin List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Sep 2006 09:38:37 -0000 All deny rules should have a different number ....... /Martin On Tue, 12 Sep 2006 17:40:58 -0700, Jin Guojun [VFFS] wrote: >I am not sure if this is a bug or is there some limitation for total >deny entry, >when the deny list exceeds a certain length (36 lines at this case), >ipfw stop working (see the *** line below). > >This is on 6.1-R i386 platform. >Is there know problem on this issue? or Did I made some mistake? > >Please CC to me since I am not on the list. > > -Jin > ># ipfw list >...all non deny entries are removed >00361 deny ip from 202.124.17.215 to any >00361 deny ip from 65.245.144.158 to any >00361 deny ip from 210.76.124.84 to any >00362 deny ip from 220.78.122.177 to any >00362 deny ip from 192.248.32.3 to any >00362 deny ip from 70.229.145.61 to any >00362 deny ip from 64.40.106.252 to any >00362 deny ip from 65.204.143.112 to any >00362 deny ip from 204.16.200.34 to any >00362 deny ip from 62.141.42.33 to any >00362 deny ip from 66.221.219.117 to any >00362 deny ip from 148.223.146.29 to any >00362 deny ip from 82.136.37.93 to any >00362 deny ip from 68.12.255.97 to any >00362 deny ip from 195.110.108.70 to any >00362 deny ip from 69.5.77.151 to any >00362 deny ip from 202.29.9.19 to any >00362 deny ip from 210.196.245.131 to any >00363 deny ip from 71.135.36.103 to any >00363 deny ip from 71.226.110.30 to any >00363 deny ip from 71.135.109.190 to any >00364 deny ip from 71.207.46.56 to any >00364 deny ip from 71.135.52.79 to any >00364 deny ip from 71.135.179.240 to any >00364 deny ip from 222.168.102.118 to any >00364 deny ip from 71.135.65.16 to any >00364 deny ip from 83.19.158.66 to any >00364 deny ip from 71.79.1.13 to any >00364 deny ip from 71.135.206.213 to any >00364 deny ip from 71.135.129.195 to any >00364 deny ip from 217.6.105.253 to any >00364 deny ip from 71.135.44.127 to any >00364 deny ip from 71.135.37.42 to any >00364 deny ip from 71.135.142.223 to any >00364 deny ip from 71.135.69.201 to any >00364 deny ip from 71.135.185.66 to any *********** fails starts from here >00364 deny ip from 71.135.96.85 to any >00364 deny ip from 71.135.41.68 to any >00364 deny ip from 71.135.35.252 to any >00364 deny ip from 71.135.178.215 to any >00365 deny ip from somewhere to any *********** will not work >_______________________________________________ >freebsd-ipfw@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"