From: "Andrew Pantyukhin"
To: shih@math.jussieu.fr
Cc: freebsd-questions@freebsd.org
Date: Wed, 15 Mar 2006 23:13:16 +0300
Subject: Re: ipfw add rule

On 3/15/06, Albert Shih wrote:
> Hi all
>
> How can I add a rule with ipfw with automatic numbering but with a minimal
> number?
>
> I've (for example) some rules in the kernel
>
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> ..........................................................
> 01000 0 0 allow ip from ....
> 65535 0 0 deny ip from any to any
>
> I want to add some rules (with sshblack for example
> http://www.pettingers.org/code/sshblack.html) automatically with numbers 1100,
> 1200, etc...
>
> How can I do that?
>
> Regards.
>
> --
> Albert SHIH
> Universite de Paris 7 (Denis DIDEROT)
> U.F.R. de Mathematiques.
> Heure local/Local time:
> Wed Mar 15 16:43:34 CET 2006

Please read ipfw(8) manpage.

[quote]
Automatic rule numbers are assigned by incrementing the last non-default rule number by the value of the sysctl variable net.inet.ip.fw.autoinc_step which defaults to 100. If this is not possible (e.g. because we would go beyond the maximum allowed rule number), the number of the last non-default value is used instead.
[/quote]

There's nothing more to it.
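
An added example, not part of the original thread or of ipfw itself: because automatic numbering only continues from the last non-default rule, a script that wants its rules in a block starting at 1100 can compute the number itself and pass it explicitly to `ipfw add`. The function names, the `IPFW` override variable and the sample ruleset are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original thread.

# next_rule_number MIN [STEP]
# Reads `ipfw list` / `ipfw show` output on stdin (rule number is field 1)
# and prints the number for the next rule in the block that starts at MIN.
# Exits 1 if that number would collide with the default rule 65535.
next_rule_number() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    awk -v min="$1" -v step="${2:-100}" '
        $1 ~ /^[0-9]+$/ && $1 + 0 >= min + 0 && $1 + 0 < 65535 {
            if (!found || $1 + 0 > last) { last = $1 + 0; found = 1 }
        }
        END {
            n = found ? last + step : min + 0
            if (n >= 65535) exit 1
            print n
        }'
}

# block_address ADDR (hypothetical helper): deny ADDR at the next number
# in the 1100+ block. Needs root; set IPFW to a stub for a dry run.
block_address() {
    # Accept only digits and dots before the value reaches ipfw, since
    # callers such as log watchers pass attacker-influenced strings.
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    n=$(${IPFW:-ipfw} list | next_rule_number 1100 100) || return 1
    ${IPFW:-ipfw} -q add "$n" deny ip from "$1" to any
}

# Constructed sample in `ipfw show` format, modelled on the question.
sample_rules() {
    cat <<'EOF'
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
01000 0 0 allow tcp from any to any established
65535 0 0 deny ip from any to any
EOF
}

sample_rules | next_rule_number 1100 100   # prints 1100
```

ipfw checks rules in ascending number order and stops at the first matching allow or deny, so a deny placed at 1100 never sees traffic that a lower-numbered allow rule already accepted; choose the block's starting number with that in mind.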