From owner-freebsd-security Tue Jan 9 2:12:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id A85A237B401 for ; Tue, 9 Jan 2001 02:12:05 -0800 (PST) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id LAA98699; Tue, 9 Jan 2001 11:12:02 +0100 (CET) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: cjclark@alum.mit.edu Cc: Marc Silver , freebsd-security@FreeBSD.ORG Subject: Re: What do these mean? References: <20010109084540.Y94766@draenor.org> <20010108234245.J95729@rfx-64-6-211-149.users.reflexco> <20010109094650.C94766@draenor.org> <20010109003107.R95729@rfx-64-6-211-149.users.reflexco> From: Dag-Erling Smorgrav Date: 09 Jan 2001 11:12:02 +0100 In-Reply-To: "Crist J. Clark"'s message of "Tue, 9 Jan 2001 00:31:07 -0800" Message-ID: Lines: 17 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Crist J. Clark" writes: > Pretty much the best reason I can give is because that is just how it > works. Perhaps it is best to look at it this way, what would > "removing" them from the list gain you besides prettier output? There's a hard limit on the number of dynamic rules. This isn't the only bogosity related to dynamic rules in ipfw; for instance, 'ipfw list' always lists *all* dynamic rules even if you specify a rule number on the command line (it should only display dynamic rules which were created by the rules listed on the command line). Unfortunately, ipfw(8) is so poorly written that it's not at all trivial to fix. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message