Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 13 Sep 2006 11:38:32 +0200 (CDT)
From:      "Martin" <bts@iae.nl>
To:        "ipfw@freebsd.org" <ipfw@freebsd.org>, "Jin Guojun [VFFS]" <j_guojun@lbl.gov>
Subject:   Re: maximum deny entries?
Message-ID:  <200609131138.3334981.6@btsoftware.com>
In-Reply-To: <4507539A.5000502@lbl.gov>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
All deny rules should have a different number .......

/Martin


On Tue, 12 Sep 2006 17:40:58 -0700, Jin Guojun [VFFS] wrote:

>I am not sure if this is a bug or is there some limitation for total 
>deny entry,
>when the deny list exceeds a certain length (36 lines at this case),
>ipfw stop working (see the *** line below).
>
>This is on 6.1-R i386 platform.
>Is there know problem on this issue? or Did I made some mistake?
>
>Please CC to me since I am not on the list.
>
>    -Jin
>
># ipfw list
>...all non deny entries are removed
>00361 deny ip from 202.124.17.215 to any
>00361 deny ip from 65.245.144.158 to any
>00361 deny ip from 210.76.124.84 to any
>00362 deny ip from 220.78.122.177 to any
>00362 deny ip from 192.248.32.3 to any
>00362 deny ip from 70.229.145.61 to any
>00362 deny ip from 64.40.106.252 to any
>00362 deny ip from 65.204.143.112 to any
>00362 deny ip from 204.16.200.34 to any
>00362 deny ip from 62.141.42.33 to any
>00362 deny ip from 66.221.219.117 to any
>00362 deny ip from 148.223.146.29 to any
>00362 deny ip from 82.136.37.93 to any
>00362 deny ip from 68.12.255.97 to any
>00362 deny ip from 195.110.108.70 to any
>00362 deny ip from 69.5.77.151 to any
>00362 deny ip from 202.29.9.19 to any
>00362 deny ip from 210.196.245.131 to any
>00363 deny ip from 71.135.36.103 to any
>00363 deny ip from 71.226.110.30 to any
>00363 deny ip from 71.135.109.190 to any
>00364 deny ip from 71.207.46.56 to any
>00364 deny ip from 71.135.52.79 to any
>00364 deny ip from 71.135.179.240 to any
>00364 deny ip from 222.168.102.118 to any
>00364 deny ip from 71.135.65.16 to any
>00364 deny ip from 83.19.158.66 to any
>00364 deny ip from 71.79.1.13 to any
>00364 deny ip from 71.135.206.213 to any
>00364 deny ip from 71.135.129.195 to any
>00364 deny ip from 217.6.105.253 to any
>00364 deny ip from 71.135.44.127 to any
>00364 deny ip from 71.135.37.42 to any
>00364 deny ip from 71.135.142.223 to any
>00364 deny ip from 71.135.69.201 to any
>00364 deny ip from 71.135.185.66 to any   *********** fails starts from here
>00364 deny ip from 71.135.96.85 to any
>00364 deny ip from 71.135.41.68 to any
>00364 deny ip from 71.135.35.252 to any
>00364 deny ip from 71.135.178.215 to any
>00365 deny ip from somewhere to any *********** will not work
>_______________________________________________
>freebsd-ipfw@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"






Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?200609131138.3334981.6>