Date:      Fri, 2 Feb 1996 22:19:53 +0100 (MET)
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        phk@critter.tfs.com (Poul-Henning Kamp)
Cc:        nate@sri.MT.net, imb@scgt.oz.au, current@FreeBSD.org
Subject:   Re: ip_fw ordering of rules..
Message-ID:  <199602022119.WAA23947@keltia.freenix.fr>
In-Reply-To: <1196.823215159@critter.tfs.com> from "Poul-Henning Kamp" at "Feb 1, 96 11:52:39 pm"

It seems that Poul-Henning Kamp said:
> It basically sorts so that the rule covering most addresses comes first.
> 
> It doesn't look at deny/pass in that context, so if you say:

I'm coming a little bit late on the subject, but I think that we should
remove the sorting altogether. Sorting makes the software do things you
don't expect (as in Poul-Henning's example).
 
In that respect, anyone using ipfw can't afford the potential risk.

> 		deny some specific port
> 		allow the rest
> 
> It will come out as:
> 		allow everything
> 		a deny rule never used.

Sorting access lists is *evil*.
-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.frmug.fr.net
   FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Sun Jan 14 20:23:45 MET 1996
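
The reordering discussed in this message, as an added example that is not part of the original e-mail and is not ipfw code. It assumes first-match evaluation and a sort key of address-range width only; the `Rule` fields, the addresses and the port are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "deny" or "allow"
    net: ipaddress.IPv4Network  # addresses the rule covers
    port: Optional[int]         # None means any port

def matches(rule, addr, port):
    return ipaddress.ip_address(addr) in rule.net and rule.port in (None, port)

def decide(rules, addr, port, default="deny"):
    """First matching rule wins (assumed evaluation model)."""
    for rule in rules:
        if matches(rule, addr, port):
            return rule.action
    return default

def sort_by_coverage(rules):
    """Widest address range first; the action (deny/allow) is ignored."""
    return sorted(rules, key=lambda r: r.net.prefixlen)

def shadowed(rules):
    """Rules that can never fire: an earlier rule covers all their traffic."""
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if rule.net.subnet_of(earlier.net) and earlier.port in (None, rule.port):
                dead.append(rule)
                break
    return dead

# Constructed policy: deny one port for one network, allow the rest.
AS_WRITTEN = [
    Rule("deny", ipaddress.ip_network("192.0.2.0/24"), 23),
    Rule("allow", ipaddress.ip_network("0.0.0.0/0"), None),
]
SORTED = sort_by_coverage(AS_WRITTEN)

if __name__ == "__main__":
    for name, rules in (("as written", AS_WRITTEN), ("sorted", SORTED)):
        verdict = decide(rules, "192.0.2.10", 23)
        dead = [r.action for r in shadowed(rules)]
        print(f"{name}: 192.0.2.10 port 23 -> {verdict}; unreachable rules: {dead}")
```

Running `shadowed()` over a rule set in its final evaluation order is a cheap audit for rules that can never match.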


