Date: Wed, 8 Jan 2003 19:00:05 -0500
From: "Scott M. Nolde"
To: Gregory Bond
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Feature Request
Message-ID: <20030109000005.GB15778@smnolde.com>
References: <200301082231.JAA17004@lightning.itga.com.au>
In-Reply-To: <200301082231.JAA17004@lightning.itga.com.au>

Gregory Bond(gnb@itga.com.au)@2003.01.09 09:31:43 +0000:
> > Has there been consideration to make a "relative skip" function
> >
> > Any comments?
>
> Horrible idea. Rules can be added and deleted in the gap, which silently
> changes the meaning of your firewall ruleset. A maintenance nightmare.
>
> And, as far as I can see, no redeeming features to compensate for the almost
> certain foot-shooting this would allow.

I don't see it that way.
I work in process automation and in our modular programming language we have this capability to skip a number of "blocks" or "jump out" of the program. I understand that rules can be added and removed, but in most cases, once the ruleset is "stable" nothing much changes.

Having a relative skip would help me since I have written a number of ipfw-based firewall scripts which could benefit from a relative skip.

As you perceive it to become a maintenance nightmare, I see it as a potential benefit.

--
Scott Nolde
GPG Key 0xD869AB48
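Added example, not part of the original message and not ipfw code: a toy first-match evaluator in Python that compares ipfw's absolute `skipto N` with the relative skip proposed in the thread, when a rule is later added inside the skipped gap. The `skip K` action, the ruleset, the rule numbers and the packet are constructed for illustration, and a default-deny final rule is assumed.

```python
# Added illustration: a toy first-match evaluator, not ipfw itself.
# "skipto N" follows ipfw semantics (continue at the first rule numbered >= N);
# "skip K" is the hypothetical relative form proposed in the thread.

def evaluate(ruleset, packet):
    """Return 'allow' or 'deny' for packet under {number: (match, action, arg)}."""
    numbers = sorted(ruleset)
    i = 0
    while i < len(numbers):
        match, action, arg = ruleset[numbers[i]]
        if match(packet):
            if action in ("allow", "deny"):
                return action
            if action == "skipto":   # absolute: first rule numbered >= arg
                i = next((j for j, n in enumerate(numbers) if n >= arg), len(numbers))
                continue
            if action == "skip":     # relative: jump over the next arg rules
                i += arg + 1
                continue
        i += 1
    return "deny"  # assumption: default-deny at the end of the ruleset

def trusted(p): return p["src"].startswith("10.0.0.")
def port(n): return lambda p: p["dport"] == n
def any_pkt(p): return True

def build(jump):
    # Constructed ruleset: trusted hosts are meant to bypass both deny rules.
    return {100: (trusted,) + jump,
            200: (port(22), "deny", None),
            300: (port(23), "deny", None),
            400: (any_pkt, "allow", None)}

def verdicts_after_insert(jump, packet):
    """Verdict before and after rule 250 is added inside the skipped gap."""
    rules = build(jump)
    before = evaluate(rules, packet)
    rules[250] = (port(3306), "deny", None)
    return before, evaluate(rules, packet)

TELNET_FROM_TRUSTED = {"src": "10.0.0.5", "dport": 23}  # constructed packet

if __name__ == "__main__":
    print("skipto 400:", verdicts_after_insert(("skipto", 400), TELNET_FROM_TRUSTED))
    print("skip 2    :", verdicts_after_insert(("skip", 2), TELNET_FROM_TRUSTED))
```

With the absolute jump the trusted host's verdict is unchanged by the insertion; with the relative jump the same packet now lands on rule 300 and is denied, although rule 100 itself was never edited.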