From owner-freebsd-ipfw@FreeBSD.ORG  Mon Sep  1 07:03:35 2003
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8DDE016A4BF
	for <freebsd-ipfw@freebsd.org>; Mon,  1 Sep 2003 07:03:35 -0700 (PDT)
Received: from exchange.wan.no (exchange.wan.no [80.86.128.88])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4586C43FDF
	for <freebsd-ipfw@freebsd.org>; Mon,  1 Sep 2003 07:03:34 -0700 (PDT)
	(envelope-from sten.daniel.sorsdal@wan.no)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 1 Sep 2003 16:00:57 +0200
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F1F3EAA@exchange.wanglobal.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: IPFW2, sets and dynamic rules.
Thread-Index: AcNwkBWw5ofDqpPRTaqhYX+Df/b2OgAAV43A
From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= <sten.daniel.sorsdal@wan.no>
To: "Luigi Rizzo" <rizzo@icir.org>
cc: freebsd-ipfw@freebsd.org
Subject: RE: IPFW2, sets and dynamic rules.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Sep 2003 14:03:35 -0000


Yes but that is only to empty an ancient (possibly empty) ruleset.

Notice the swap in the last bit.=20

But do dynamic rules keep tabs on which 'set' they belong to?
If so, do their 'set' information get swapped also?


>=20
> dynamic rules do not survive a delete, so your "delete set 1" is what
> kills your connections.
>=20
> 	cheers
> 	luigi
>=20
> On Mon, Sep 01, 2003 at 03:29:36PM +0200, Sten Daniel S=F8rsdal wrote:
> >=20
> > Being a complete ipfw idiot, i hoped someone could clarify=20
> this to me.
> >=20

[.snip.]

> >=20
> > do the dynamic rules always point to the same set or do the=20
> point to the new set when i run swap?
> >=20
> > do i need to enable set 1 afterwards to make it work? how=20
> is then the line of rule execution, when
> > two sets are enabled?=20
> >=20
> > are there any ways to change the set 0 rules while still=20
> retaining the functionality of the old
> > dynamic rules?
> >=20

- Sten