Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 13 Sep 2006 11:52:25 -0700
From:      "Jin Guojun [VFFS]" <j_guojun@lbl.gov>
To:        Freddie Cash <fcash@ocis.net>
Cc:        ipfw@freebsd.org
Subject:   Re: maximum deny entries?
Message-ID:  <45085369.50601@lbl.gov>
In-Reply-To: <60562.24.71.118.34.1158120454.squirrel@webmail.sd73.bc.ca>
References:  <4507539A.5000502@lbl.gov> <60562.24.71.118.34.1158120454.squirrel@webmail.sd73.bc.ca>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Freddie Cash wrote:

>On Tue, September 12, 2006 5:40 pm, Jin Guojun [VFFS] wrote:
>  
>
>>I am not sure if this is a bug or is there some limitation for total
>>deny entry, when the deny list exceeds a certain length (36 lines at
>>this case), ipfw stop working (see the *** line below).
>>
>>This is on 6.1-R i386 platform.
>>Is there know problem on this issue? or Did I made some mistake?
>>
>>Please CC to me since I am not on the list.
>>    
>>
>
>Works fine here, with 62 deny rules out of 533 rules in total.  While
>not every deny rule has a matched packet so far, the rules under them
>all work fine.
>
>FreeBSD 6.1-p6, i386 (P2 333 MHz box).
>----
>Freddie Cash
>fcash@ocis.net
>  
>
I tested a slightly different way on a different machine with 6.1-R,
it did not have the problem. So, this can be sure not a limitation
problem.

This is why I wonder if this is a known bug that is triggered by a certain
ipfw add command pattern somehow.
I will do some investigation further to see if this will be repeatable under
some circumstance.

    -Jin



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?45085369.50601>