Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 13 Sep 2006 11:52:25 -0700
From:      "Jin Guojun [VFFS]" <>
To:        Freddie Cash <>
Subject:   Re: maximum deny entries?
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Freddie Cash wrote:

>On Tue, September 12, 2006 5:40 pm, Jin Guojun [VFFS] wrote:
>>I am not sure if this is a bug or is there some limitation for total
>>deny entry, when the deny list exceeds a certain length (36 lines at
>>this case), ipfw stop working (see the *** line below).
>>This is on 6.1-R i386 platform.
>>Is there know problem on this issue? or Did I made some mistake?
>>Please CC to me since I am not on the list.
>Works fine here, with 62 deny rules out of 533 rules in total.  While
>not every deny rule has a matched packet so far, the rules under them
>all work fine.
>FreeBSD 6.1-p6, i386 (P2 333 MHz box).
>Freddie Cash
I tested a slightly different way on a different machine with 6.1-R,
it did not have the problem. So, this can be sure not a limitation

This is why I wonder if this is a known bug that is triggered by a certain
ipfw add command pattern somehow.
I will do some investigation further to see if this will be repeatable under
some circumstance.


Want to link to this message? Use this URL: <>