Date:      Mon, 20 Jan 2003 17:32:23 -0800
From:      Luigi Rizzo <rizzo@icir.org>
To:        "Simon L. Nielsen" <simon@nitro.dk>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Sanity check in ipfw(8)
Message-ID:  <20030120173223.A83271@xorpc.icir.org>
In-Reply-To: <20030121012046.GG351@nitro.dk>; from simon@nitro.dk on Tue, Jan 21, 2003 at 02:20:47AM +0100
References:  <20030121004353.GF351@nitro.dk> <20030120165940.A65713@xorpc.icir.org> <20030121012046.GG351@nitro.dk>

On Tue, Jan 21, 2003 at 02:20:47AM +0100, Simon L. Nielsen wrote:
...
> Ok - the extra check was only to make the user aware of simple errors (that
> ipfw1 did not allow). If you don't think the checks should be there then
> I can live with that so the PR can be closed.

yes i honestly believe that it is better to avoid the userland code
being too smart. E.g. ipfw accepts things such as

	allow ip from any to any 53

which matches both tcp and udp to port 53 -- ipfw1 did not accept
this, and needed two rules for this very common thing.

	cheers
	luigi
