From owner-freebsd-current Sat Apr 28 21:42:33 2001
Delivered-To: freebsd-current@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP id 8BA6E37B422
	for ; Sat, 28 Apr 2001 21:42:28 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.3/8.11.3) id f3T4gLc50171;
	Sun, 29 Apr 2001 08:42:21 +0400 (MSD)
	(envelope-from ache)
Date: Sun, 29 Apr 2001 08:42:20 +0400
From: "Andrey A. Chernov"
To: David Wolfskill
Cc: richw@webcom.com, current@FreeBSD.ORG
Subject: Re: ipfw: several equal rules under same number bug
Message-ID: <20010429084220.A50143@nagual.pp.ru>
References: <20010429081131.A49808@nagual.pp.ru> <200104290422.f3T4Mx724878@bunrab.catwhisker.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200104290422.f3T4Mx724878@bunrab.catwhisker.org>; from david@catwhisker.org on Sat, Apr 28, 2001 at 09:22:59PM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Apr 28, 2001 at 21:22:59 -0700, David Wolfskill wrote:

> I have at least one application where I generate ipfw rules in a script,
> for a set of subnets which I read from a file at execution time. I am
> able to use the numbers to group the firewall rules, so that for any
> given subnet, I can predict the order in which the rules will be
> applied.

In the situation you describe you can _add_ rules without any harm, but
you can't _delete_ some of them later - it causes totally unpredictable
results, i.e. the delete operation really does not work in the current way.

A better way would be to give all subnets unique number ranges.

-- 
Andrey A. Chernov
http://ache.pp.ru/
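
One way to apply the "unique number ranges" advice from the message above, as an added example that is not part of the original thread: a generator that gives each subnet its own block of rule numbers, so a later delete touches only that subnet's rules. The slot numbers, `BASE`, `BLOCK`, the subnets and the rule bodies are constructed assumptions; the script only prints `ipfw` commands and does not run them.

```shell
#!/bin/sh
# Added example: prints ipfw commands, never runs ipfw. All values are constructed.
BASE=10000   # first generated rule number (assumption)
BLOCK=100    # rule numbers reserved per subnet (assumption)
# "slot subnet" pairs; a slot is never reused, so ranges stay stable over time.
SUBNETS="0 192.0.2.0/25
1 192.0.2.128/25
3 198.51.100.0/24"

# subnet_base SUBNET: print the first rule number of that subnet's range.
subnet_base() {
    while read -r slot net; do
        if [ "$net" = "$1" ]; then
            echo $((BASE + slot * BLOCK))
            return 0
        fi
    done <<EOF
$SUBNETS
EOF
    return 1    # unknown subnet: refuse to guess a number
}

# gen_add SUBNET: print add commands, one distinct rule number per rule.
gen_add() {
    b=$(subnet_base "$1") || return 1
    echo "ipfw add $b allow tcp from $1 to any established"
    echo "ipfw add $((b + 1)) allow udp from $1 to any 53"
    echo "ipfw add $((b + 2)) deny ip from $1 to any"
}

# gen_delete SUBNET: print delete commands for exactly the numbers gen_add used.
gen_delete() {
    subnet_base "$1" >/dev/null || return 1
    gen_add "$1" | awk '{ print "ipfw delete", $3 }'
}

# duplicate_numbers: read "ipfw add N ..." lines on stdin and print every
# rule number that occurs more than once (the case discussed in this thread).
duplicate_numbers() {
    awk '$1 == "ipfw" && $2 == "add" { print $3 }' | sort -n | uniq -d
}

# Demo: show the commands for one subnet.
gen_add 192.0.2.128/25
gen_delete 192.0.2.128/25
```

Piping a generated rule set through `duplicate_numbers` before loading it gives a quick check that no two rules share a number.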