Date:      Thu, 9 Jan 2003 11:32:31 -0500
From:      "Scott M. Nolde" <scott@smnolde.com>
To:        Shawn Barnhart <swb@accord.grasslake.net>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Feature Request
Message-ID:  <20030109163231.GD15778@smnolde.com>
In-Reply-To: <Pine.BSF.4.21.0301090806420.60469-100000@accord.grasslake.net>
References:  <3E1CDC96.24785.27A7458@localhost> <Pine.BSF.4.21.0301090806420.60469-100000@accord.grasslake.net>

Shawn Barnhart(swb@accord.grasslake.net)@2003.01.09 08:30:24 +0000:
> On Thu, 9 Jan 2003, Bruno Afonso wrote:
> 
> > On 8 Jan 2003 at 19:00, Scott M. Nolde wrote:
> > 
> > > I understand that rules can be added and removed, but in most cases, once
> > > the ruleset is "stable" nothing much changes.  Having a relative skip
> > > would help me since I have written a number of ipfw-based firewall scripts
> > > which could benefit from a relative skip.
> > 
> > If you happen to need to make some quick changes, you will not see it that way. You will
> > have to re-read the entire ruleset, calculate the skips, etc. imho, this feature would be used
> > by 1% of users.
> > 
> > I honestly can't think of any big advantages in the long run at all.
> 
> I'd wager the original poster wants to jump to a specific rule and not just
> arbitrarily +5 or something.
> 
> Would a better idea be having the ability to assign a label to a specific
> rule?  That way you could jump to the label and not just N rules.  This way
> you could change the ruleset and not fubar the skips.

No, I'd like to skip n rules.  Skipping to a label could be useful, but
the label is absolute like the skipto.

In a router script where I have R routes, but each customer has their
own set of N rules for packet matching, I could have the script skip N
rules for each customer.  Having the scripting functionality
pre-configured will require much less time for rule maintenance without
having to explicitly define a range of rules for each route or calculating
a forward predictor for an absolute jump.  I could edit the rule script,
run the script and the relative jumps would be where I want them.

For a router with many rules, having a relative skip would relieve the
sysadmin from segregating a range of rule numbers for a particular
packet function for a route.

-- 
Scott Nolde
GPG Key 0xD869AB48
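
The bookkeeping this message describes, as an added example that is not part of the original post or of ipfw: a shell helper that emulates "skip N rules" with the existing absolute `skipto` by computing each jump target from the number of rules in a customer's block. The function names, the rule spacing of 10, and the networks and rule bodies are constructed assumptions; the rule lines are printed, not loaded.

```shell
#!/bin/sh
# Added example: emulate "skip N rules" with ipfw's absolute skipto by
# deriving each jump target from the size of the customer's rule block.
# Rule lines are printed, not loaded. Networks and rule bodies below are
# constructed sample values; STEP and the function names are assumptions.

STEP=10   # spacing between consecutive rule numbers

# next_base BASE N: first rule number after a guard rule plus N rules
next_base() {
    echo $(( $1 + ($2 + 1) * STEP ))
}

# emit_block BASE NET RULE...
# Prints a guard rule that jumps past the N customer rules when the
# packet is not addressed to NET, followed by the N rules themselves.
# Leaves the next free rule number in the global blk_next.
emit_block() {
    blk_base=$1; blk_net=$2; shift 2
    blk_next=$(next_base "$blk_base" "$#")
    echo "ipfw add $blk_base skipto $blk_next ip from any to not $blk_net"
    blk_num=$((blk_base + STEP))
    for blk_body in "$@"; do
        echo "ipfw add $blk_num $blk_body"
        blk_num=$((blk_num + STEP))
    done
}

# Two customers with different rule counts; adding or removing a rule in
# the first block moves every later number and jump target automatically.
build_ruleset() {
    emit_block 1000 192.0.2.0/28 \
        "allow tcp from any to 192.0.2.0/28 25" \
        "allow tcp from any to 192.0.2.0/28 80" \
        "deny ip from any to 192.0.2.0/28"
    emit_block "$blk_next" 198.51.100.0/29 \
        "allow tcp from any to 198.51.100.0/29 22" \
        "deny ip from any to 198.51.100.0/29"
}

build_ruleset
```

The jump targets have to be recomputed by regenerating the whole ruleset after every edit, which is the step a relative skip in ipfw itself would make unnecessary.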
