From owner-freebsd-ipfw@FreeBSD.ORG  Sat May  8 19:08:15 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC36116A4CE
	for <freebsd-ipfw@freebsd.org>; Sat,  8 May 2004 19:08:15 -0700 (PDT)
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6352B43D1F
	for <freebsd-ipfw@freebsd.org>; Sat,  8 May 2004 19:08:15 -0700 (PDT)
	(envelope-from louie@transsys.com)
Received: from whizzo.transsys.com (localhost [127.0.0.1])
	by whizzo.transsys.com (Postfix) with ESMTP id 61BB120F78;
	Sat,  8 May 2004 22:08:14 -0400 (EDT)
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
To: Oleg Bulyzhin <oleg@rinet.ru>
Organization: Serendipity Scheduling & Management
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos" <louie@TransSys.COM>
References: <104341060709.20040505171307@vkt.lt>
	<20040505194451.V9766@lath.rinet.ru> <20040506153815.A75812@xorpc.icir.org>
	<20040507024206.B61144@xorpc.icir.org> <20040507150212.P5201@lath.rinet.ru> 
In-reply-to: Your message of "Fri, 07 May 2004 15:19:06 +0400."
             <20040507150212.P5201@lath.rinet.ru> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 08 May 2004 22:08:14 -0400
Sender: louie@transsys.com
Message-Id: <20040509020814.61BB120F78@whizzo.transsys.com>
cc: Luigi Rizzo <rizzo@icir.org>
cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw: ouch!, skip past end of rules, denying packet 
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 May 2004 02:08:15 -0000


Not to hijack the thread here, but if you're looking at this code, it
would be nice if the logic that the ipfw "queue" command used was
similar to "divert"; where processing picks up at the next higher
rule number rather than the next rule (which might be numbered the
same.) 

I'd like to have a bunch of queue commands in a row (perhaps with less
specific matching criteria in successive rules) and know that if they're
all numbered the same, only the first one will match.

louie