Date:      Mon, 21 Sep 1998 01:50:19 +1200 (NZST)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        "N. N.M" <madrapour@hotmail.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: Show & LIST commands in IPFW 
Message-ID:  <Pine.BSF.3.96.980921012141.5955C-100000@aniwa.sky>
In-Reply-To: <19980920123918.479.qmail@hotmail.com>

On Sun, 20 Sep 1998, N. N.M wrote:

> I use IPFW with around 9000 rules. These 9000 rules are active in 
> system's databases, but I can't browse them by using the SHOW or LIST 
> commands. Using these commands causes the following message and then 
> auto-rebooting of system:

Probably this should be a moot point.

Probably you should rewrite your ruleset to use fewer rules.  If you can
describe in general terms what you're trying to do with this ruleset, then
you're halfway to generalising the rules.

Using skipto and a bit of thought about the similarities between different
rules you use, you should be able to knock it right down.  You'll probably
get a performance win as well as recovering your list/show functionality.

The 'list' routine in ipfw.c defines

	struct ip_fw rules[1024];

I haven't read in depth, so there may be gotchas, but it looks like it's
probably an easy fix.


Andrew McNaughton
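
An added example, not part of the original message and not code from ipfw.c: a listing routine with a fixed 1024-entry array beside one that grows its buffer until the reply fits, run against a constructed table of 9000 rules. The struct rule type and the fetch_rules() source are hypothetical stand-ins for struct ip_fw and the kernel interface; the stand-in truncates safely and does not model the reboot reported in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct ip_fw; only its size matters here. */
struct rule { unsigned short number; char body[62]; };
#define TABLE_RULES 9000  /* constructed: the rule count from the thread */

/* Hypothetical rule source: writes as many whole rules as fit in *len
 * bytes and sets *len to the bytes written. Never overruns buf. */
static void fetch_rules(void *buf, size_t *len)
{
    size_t n = *len / sizeof(struct rule);
    struct rule *out = buf;
    if (n > TABLE_RULES) n = TABLE_RULES;
    memset(out, 0, n * sizeof *out);
    for (size_t i = 0; i < n; i++) out[i].number = (unsigned short)(i + 1);
    *len = n * sizeof *out;
}

/* Fixed-size listing, shaped like the quoted declaration: capped at 1024. */
size_t list_fixed(void)
{
    static struct rule rules[1024];
    size_t len = sizeof rules;
    fetch_rules(rules, &len);
    return len / sizeof(struct rule);
}

/* Growing listing: a completely full buffer may mean truncation, so
 * double the allocation and ask again until the reply leaves room. */
size_t list_growing(struct rule **out)
{
    size_t cap = 1024 * sizeof(struct rule), len;
    struct rule *buf = NULL, *tmp;
    do {
        cap *= 2;
        if ((tmp = realloc(buf, cap)) == NULL) { free(buf); *out = NULL; return 0; }
        buf = tmp;
        len = cap;
        fetch_rules(buf, &len);
    } while (len == cap);
    *out = buf;
    return len / sizeof(struct rule);
}

int main(void)
{
    struct rule *all;
    size_t n = list_growing(&all);
    printf("fixed: %zu rules, growing: %zu rules\n", list_fixed(), n);
    free(all);
    return 0;
}
```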





