From owner-freebsd-ipfw@FreeBSD.ORG Wed Jan 14 09:04:51 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C8B7F16A4CE for ; Wed, 14 Jan 2004 09:04:51 -0800 (PST) Received: from exchange.wan.no (exchange.wan.no [80.86.128.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59E1943D55 for ; Wed, 14 Jan 2004 09:04:47 -0800 (PST) (envelope-from sten.daniel.sorsdal@wan.no) Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Date: Wed, 14 Jan 2004 18:04:45 +0100 Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F5D9779@exchange.wanglobal.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: semantics of 'not-applicable' options in ipfw ? Thread-Index: AcPaulN3I0OC6nBDTOCLSuWvivr8zQABHPKw From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= To: "Luigi Rizzo" , Subject: RE: semantics of 'not-applicable' options in ipfw ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 17:04:51 -0000 =20 > As the subject says... what is people's opinion on the best=20 > semantics for 'not-applicable' options in ipfw rules ? >=20 > As an example, if i say (using ipfw2 syntax, for simplicity) >=20 > 100 count src-port 100 > 200 count not src-port 100 >=20 It is in my opinion that people in general interpret this=20 example to count tcp/udp packets from (src-port=3D=3D100) and (src-port!=3D100), despite the man page. For example; 100 count src-port 100 200 count src-port not 100 I also believe that "via" option also causes the same kind of = confussion. By the way, do you have any plans to implement a tag/flag system? ( example: 100 flag 100 src-port 100 200 allow flag 100 ) _// Sten Daniel S=F8rsdal