Date: Sun, 29 Apr 2001 08:11:32 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Rich Wales <richw@webcom.com> Cc: current@freebsd.org Subject: Re: ipfw: several equal rules under same number bug Message-ID: <20010429081131.A49808@nagual.pp.ru> In-Reply-To: <20010429024118.03804.richw@wyattearp.stanford.edu>; from richw@webcom.com on Sat, Apr 28, 2001 at 08:21:36PM -0700 References: <20010429063345.A48717@nagual.pp.ru> <20010429024118.03804.richw@wyattearp.stanford.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Apr 28, 2001 at 20:21:36 -0700, Rich Wales wrote: > Andrey A. Chernov wrote: > > > I use equal "ipfw add" several times from the script, but > > the rule number was the same all times. I expect that rule > > is replaced, not added with same number several times. > > No. There can be multiple rules with the same number. If you run > multiple "ipfw add" commands with the same number, they are stored > (and executed) in the order in which they were added. > > Having multiple =identical= rules with the same number doesn't make > too much sense, since -- as you noticed -- the ones after the first > will never match (unless the rule has a "count" action, in which > case all of the identical rules will match). I think it is very contr-intuitive way, better action will be "replace" if number is the same. We have _enough_ numbers to not compact rules in such bad manner. For example "ipfw delete" takes number as an argument, what rule it suppose to delete, if the number is the same? I.e. how can I delete specific rule if all have the same number? Etc, etc. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010429081131.A49808>