Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Jan 2003 11:32:31 -0500
From:      "Scott M. Nolde" <>
To:        Shawn Barnhart <>
Subject:   Re: Feature Request
Message-ID:  <>
In-Reply-To: <>
References:  <3E1CDC96.24785.27A7458@localhost> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Shawn Barnhart( 08:30:24 +0000:
> On Thu, 9 Jan 2003, Bruno Afonso wrote:
> > On 8 Jan 2003 at 19:00, Scott M. Nolde wrote:
> > 
> > > I understand that rules can be added and removed, but in most cases, once
> > > the ruleset is "stable" nothing much changes.  Having a relative skip
> > > would help me since I have written a number of ipfw-based firewall scripts
> > > which could benefit from a relative skip.
> > 
> > If you happen to need to make some quick changes, you will not see it that way. You will 
> > have to re-read the entire ruleset, calculate the skips, etc. imho, this feature would used 
> > by 1% of users. 
> > 
> > I honestly can't think of any big advantages in the long run at all.
> I'd wager the original poster wants to jump to a specific rule and not just
> arbitrarily +5 or something.
> Would a better idea be having the ability to assign a label to a specific
> rule?  That way you could jump to the label and not just N rules.  This way
> you could change the ruleset and not fubar the skips.

No, I'd like to skip n rules.  Skipping to a label could be useful, but
the label is absolute like the skipto.

In a router script where I have R routes, but each customer has their
own set of N rules for packet matching, I could have the script skip N
rules for each customer.  Having the scripting functionality
pre-configured will require much less time for rule maintenance without
having to explicitly define a range of rules for each route or calculating
a forward predictor for an absolute jump.   I could edit the rule script, 
run the script and the relative jumps would be where i want them.

For a router with many rules, having a relative skip would relieve the
sysadmin from segregating a range of rule numbers for a particular
packet function for a route.

Scott Nolde
GPG Key 0xD869AB48

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>