From owner-freebsd-ipfw  Tue Jan 21 10: 4:13 2003
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3776D37B401
	for <freebsd-ipfw@FreeBSD.ORG>; Tue, 21 Jan 2003 10:04:12 -0800 (PST)
Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8200F43F43
	for <freebsd-ipfw@FreeBSD.ORG>; Tue, 21 Jan 2003 10:04:11 -0800 (PST)
	(envelope-from kudzu@tenebras.com)
Received: (qmail 72898 invoked from network); 21 Jan 2003 18:04:10 -0000
Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241)
  by 0 with SMTP; 21 Jan 2003 18:04:10 -0000
Message-ID: <3E2D8B98.10809@tenebras.com>
Date: Tue, 21 Jan 2003 10:04:08 -0800
From: Michael Sierchio <kudzu@tenebras.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.2b) Gecko/20021016
X-Accept-Language: en-us, en, fr-fr, ru
MIME-Version: 1.0
To: Luigi Rizzo <rizzo@icir.org>
Cc: "Simon L. Nielsen" <simon@nitro.dk>, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Sanity check in ipfw(8)
References: <20030121004353.GF351@nitro.dk> <20030120165940.A65713@xorpc.icir.org> <20030121012046.GG351@nitro.dk> <20030120173223.A83271@xorpc.icir.org> <20030121004353.GF351@nitro.dk> <3E2CE0FA.2080301@tenebras.com> <20030121095159.A61957@xorpc.icir.org>
In-Reply-To: <20030121004353.GF351@nitro.dk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

Luigi Rizzo wrote:

> On Mon, Jan 20, 2003 at 09:56:10PM -0800, Michael Sierchio wrote:
> ...
>
> >>yes i honestly believe that it is better to avoid the userland code
> >>being too smart. E.g. ipfw accepts things such as
> >>
> >>	allow ip from any to any 53
> >>
> >>which matches both tcp and udp to port 53 -- ipfw1 did not accept
> >>this, and needed two rules for this very common thing.
> >
> >Shi'ite!  Documentation?
>
>
> well it's in the ipfw manpage. ...


Yes, I guess it is.  The problem is that the manpage attempts to
document two commands which are syntactically and semantically
different -- enough that they should be documented separately.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message