From owner-freebsd-security Sun Sep 20 06:50:59 1998
Date: Mon, 21 Sep 1998 01:50:19 +1200 (NZST)
From: Andrew McNaughton
Reply-To: andrew@squiz.co.nz
To: "N. N.M"
cc: security@FreeBSD.ORG
Subject: Re: Show & LIST commands in IPFW
In-Reply-To: <19980920123918.479.qmail@hotmail.com>

On Sun, 20 Sep 1998, N. N.M wrote:

> I use IPFW with around 9000 rules. These 9000 rules are active in
> system's databases, but I can't browse them by using the SHOW or LIST
> commands. Using these commands causes the following message and then
> auto-rebooting of system:

Probably this should be a moot point. Probably you should rewrite your
ruleset to use fewer rules. If you can describe in general terms what
you're trying to do with this ruleset, then you're halfway to
generalising the rules. Using skipto and a bit of thought about the
similarities between different rules you use you should be able to knock
it right down. You'll probably get a performance win as well as
recovering your list/show functionality.

The 'list' routine in ipfw.c defines

    struct ip_fw rules[1024];

I haven't read in depth, so there may be gotchas, but it looks like it's
probably an easy fix.
Andrew McNaughton
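
The fixed 1024-entry array mentioned in the message, next to a listing routine that grows its buffer until the reply fits, as an added example that is not from the original post or from ipfw.c. The names `struct fw_rule`, `fake_fw_get`, `list_fixed` and `list_grow` are hypothetical; `fake_fw_get` is an assumed stand-in for the kernel's rule copy-out, and the 9000-rule count is constructed from the report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct ip_fw (the real structure is far larger). */
struct fw_rule { unsigned short number; };
#define KERNEL_RULES 9000  /* constructed: the rule count reported above */

/* Hypothetical stand-in for the kernel copy-out: writes at most *len bytes
 * of rules into buf, then sets *len to the number of bytes written. */
static void fake_fw_get(void *buf, size_t *len)
{
    size_t max = *len / sizeof(struct fw_rule), n;
    struct fw_rule *r = buf;
    for (n = 0; n < max && n < KERNEL_RULES; n++)
        r[n].number = (unsigned short)(n + 1);
    *len = n * sizeof(struct fw_rule);
}

/* Fixed array of 1024 entries: in this model, later rules are never seen. */
size_t list_fixed(void)
{
    struct fw_rule rules[1024];
    size_t len = sizeof(rules);
    fake_fw_get(rules, &len);
    return len / sizeof(struct fw_rule);
}

/* Growing buffer: a reply that fills the buffer may be truncated, so retry
 * with double the space. Returns the rule count, or 0 if allocation fails. */
size_t list_grow(void)
{
    size_t cap = 1024 * sizeof(struct fw_rule), len = cap;
    struct fw_rule *rules = NULL, *tmp;
    while (len >= cap) {
        cap *= 2;
        if ((tmp = realloc(rules, cap)) == NULL) { free(rules); return 0; }
        rules = tmp;
        len = cap;
        fake_fw_get(rules, &len);
    }
    free(rules);
    return len / sizeof(struct fw_rule);
}

int main(void)
{
    printf("fixed: %zu rules, grown: %zu rules\n", list_fixed(), list_grow());
    return 0;
}
```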