Date:      Mon, 20 Jan 2003 21:56:10 -0800
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        "Simon L. Nielsen" <simon@nitro.dk>, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Sanity check in ipfw(8)
Message-ID:  <3E2CE0FA.2080301@tenebras.com>
In-Reply-To: <20030121004353.GF351@nitro.dk>
References:  <20030121004353.GF351@nitro.dk> <20030120165940.A65713@xorpc.icir.org> <20030121012046.GG351@nitro.dk> <20030120173223.A83271@xorpc.icir.org>

Luigi Rizzo wrote:

> On Tue, Jan 21, 2003 at 02:20:47AM +0100, Simon L. Nielsen wrote:
> ...
>
> >Ok - the extra check was only to make the user aware of simple errors (that
> >ipfw1 did not allow). If you don't think the checks should be there then
> >I can live with that so the PR can be closed.
>
>
> yes i honestly believe that it is better to avoid the userland code
> being too smart. E.g. ipfw accepts things such as
>
> 	allow ip from any to any 53
>
> which matches both tcp and udp to port 53 -- ipfw1 did not accept
> this, and needed two rules for this very common thing.


Shi'ite!  Documentation?

