From owner-freebsd-stable@FreeBSD.ORG Fri Dec 22 08:16:21 2006 Return-Path: X-Original-To: freebsd-stable@FreeBSD.ORG Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CBADF16A407 for ; Fri, 22 Dec 2006 08:16:21 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.freebsd.org (Postfix) with ESMTP id 538F413C44C for ; Fri, 22 Dec 2006 08:16:17 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (vuhupc@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.4/8.13.4) with ESMTP id kBM8GBSl035856; Fri, 22 Dec 2006 09:16:16 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.4/8.13.1/Submit) id kBM8GBoX035855; Fri, 22 Dec 2006 09:16:11 +0100 (CET) (envelope-from olli) Date: Fri, 22 Dec 2006 09:16:11 +0100 (CET) Message-Id: <200612220816.kBM8GBoX035855@lurza.secnetix.de> From: Oliver Fromme To: freebsd-stable@FreeBSD.ORG, V.Haisman@sh.cvut.cz In-Reply-To: <458AD815.3010601@sh.cvut.cz> X-Newsgroups: list.freebsd-stable User-Agent: tin/1.8.2-20060425 ("Shillay") (UNIX) (FreeBSD/4.11-STABLE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Fri, 22 Dec 2006 09:16:16 +0100 (CET) Cc: Subject: Re: Duplicate IPFW rules X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-stable@FreeBSD.ORG, V.Haisman@sh.cvut.cz List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Dec 2006 08:16:21 -0000 Václav Haisman wrote: > I have just noticed that ipfw list shows one rule twice. It could be that I > have run a script that adds it twice: That's expected behaviour. Rule numbers are not unique. Think of the rule number as a tag attached to the rule. It's perfectly legal that two rules can have the same tag (number). > Shouldn't IPFW check before adding the same rule number again? No. However, it could be argued that ipfw(8) could check if an existing rule number is added with the same rule body. In that case it would be redundant and have no effect at all. (It wouldn't really be an error either, so ipfw(8) could simply exit successfully without actually adding the rule.) If someone submits a patch for that, I think it would be comitted. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "Clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code" (taken from comp.lang.awk FAQ)