Date: Thu, 9 Jan 2003 11:32:31 -0500
From: "Scott M. Nolde"
To: Shawn Barnhart
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Feature Request
Message-ID: <20030109163231.GD15778@smnolde.com>
References: <3E1CDC96.24785.27A7458@localhost>

Shawn Barnhart(swb@accord.grasslake.net)@2003.01.09 08:30:24 +0000:
> On Thu, 9 Jan 2003, Bruno Afonso wrote:
>
> > On 8 Jan 2003 at 19:00, Scott M. Nolde wrote:
> >
> > > I understand that rules can be added and removed, but in most cases, once
> > > the ruleset is "stable" nothing much changes. Having a relative skip
> > > would help me since I have written a number of ipfw-based firewall scripts
> > > which could benefit from a relative skip.
> >
> > If you happen to need to make some quick changes, you will not see it that way. You will
> > have to re-read the entire ruleset, calculate the skips, etc. imho, this feature would be used
> > by 1% of users.
> >
> > I honestly can't think of any big advantages in the long run at all.
>
> I'd wager the original poster wants to jump to a specific rule and not just
> arbitrarily +5 or something.
>
> Would a better idea be having the ability to assign a label to a specific
> rule? That way you could jump to the label and not just N rules. This way
> you could change the ruleset and not fubar the skips.

No, I'd like to skip n rules. Skipping to a label could be useful, but
the label is absolute like the skipto.

In a router script where I have R routes, but each customer has their own
set of N rules for packet matching, I could have the script skip N rules
for each customer. Having the scripting functionality pre-configured will
require much less time for rule maintenance without having to explicitly
define a range of rules for each route or calculating a forward predictor
for an absolute jump. I could edit the rule script, run the script and the
relative jumps would be where I want them.

For a router with many rules, having a relative skip would relieve the
sysadmin from segregating a range of rule numbers for a particular packet
function for a route.

-- 
Scott Nolde
GPG Key 0xD869AB48
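
The bookkeeping described in the message above, computing an absolute `skipto` target for each customer's block of N rules, looks like this in a generator script. This is an added example, not code from the thread: the customer table, `BASE`, `STEP` and `gen_rules` are constructed for illustration, and the script only prints ipfw rule text without loading it.

```shell
#!/bin/sh
# Added example: emit ipfw rules for R customers, each with N match rules,
# computing the absolute skipto target that a relative skip would make
# unnecessary. All values below are constructed sample data (assumptions).

# One customer per line: name, network, then N rule bodies separated by ';'
CUSTOMERS='alpha 10.0.1.0/24 allow tcp from any to 10.0.1.10 25;allow tcp from any to 10.0.1.10 80
beta 10.0.2.0/24 allow udp from any to 10.0.2.53 53
gamma 10.0.3.0/24 allow tcp from any to 10.0.3.5 22;allow tcp from any to 10.0.3.5 443;allow icmp from any to 10.0.3.0/24'

BASE=1000   # first rule number handed out (assumption)
STEP=10     # gap between consecutive rule numbers (assumption)

gen_rules() {
    num=$BASE
    printf '%s\n' "$CUSTOMERS" | while read -r name net rules; do
        # N = number of ';'-separated rule bodies for this customer
        n=$(printf '%s\n' "$rules" | awk -F';' '{print NF}')

        # Forward predictor: the guard rule plus N rules occupy (n + 1)
        # slots, so the jump lands on the next customer's guard rule.
        target=$((num + (n + 1) * STEP))

        # Guard: traffic not destined for this customer skips its block.
        echo "add $num skipto $target ip from any to not $net"
        num=$((num + STEP))

        old_ifs=$IFS; IFS=';'
        for r in $rules; do
            echo "add $num $r"
            num=$((num + STEP))
        done
        IFS=$old_ifs
    done
}

# Print the generated ruleset when run directly.
gen_rules
```

Adding or removing a rule for `alpha` shifts every later rule number and every later `skipto` target, which is why the whole ruleset has to be regenerated rather than patched by hand.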