There would be no theoretical problem with adding syntax to ipfw(8) (and possibly to its kernel interface) to delete a particular rule, would there? E.g. ipfw delete 1234.5 to delete the fifth instance of rule 1234? There is clearly a fixed order to the rules, since they apply in order.
Not that I'm volunteering or anything, but yeah :)
Tim
On Wednesday, September 10, 2003, at 03:45 AM, Julian Elischer wrote:
On Tue, 9 Sep 2003, Josh Brooks wrote:
On Tue, 9 Sep 2003, Luigi Rizzo wrote:
no, it is not possible to delete them -- you have no way to tell which rule to delete when multiple rules share the same number.
Are there any plans to make ipfw more flexible by changing the 65535 to the next power of two? So there are a lot more rules?
The rule number is only 16 bits long..
This is made use of in 'divert' where the rule number that caused the divert is in the port-number field when you do a recvfrom(). If you change this, it won't work..
On "sendto()" the rule number is used to suggest where the packet "re-enters" the filter. If you pass it back unchanged then it reenters the filter at the next rule after the one that diverted it.. (i.e. where it left off)
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
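Added example, not part of the original thread and not FreeBSD kernel code: a user-space model of the divert round trip described above, showing that the 16-bit port field carries only the rule number, so rules sharing the diverting rule's number are skipped on re-entry. The ruleset is constructed, and the model assumes the filter resumes at the first rule whose number is greater than the value passed back.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>

/* Constructed sample ruleset, kept in evaluation order.
 * Rule 1000 appears twice on purpose. */
struct rule { uint16_t num; const char *body; };
static const struct rule ruleset[] = {
    { 100,   "allow ip from any to any via lo0" },
    { 1000,  "divert 8668 ip from any to any" },
    { 1000,  "deny tcp from any to any 25" },
    { 2000,  "allow tcp from any to any established" },
    { 65535, "deny ip from any to any" },
};
#define NRULES (sizeof(ruleset) / sizeof(ruleset[0]))

/* Models what recvfrom() reports for a packet diverted by ruleset[idx]:
 * the rule number sits in the 16-bit port field of the address. */
static struct sockaddr_in divert_addr_for(size_t idx)
{
    struct sockaddr_in sin = {0};
    sin.sin_family = AF_INET;
    sin.sin_port = ruleset[idx].num;   /* model stores it unconverted */
    return sin;
}

/* Models sendto() with that address: returns the index of the rule where
 * filtering resumes (assumption: first rule with a number greater than
 * the tag), or NRULES if no such rule exists. */
static size_t reentry_index(const struct sockaddr_in *sin)
{
    size_t i = 0;
    while (i < NRULES && ruleset[i].num <= sin->sin_port)
        i++;
    return i;
}

int main(void)
{
    struct sockaddr_in sin = divert_addr_for(1);   /* the divert rule */
    size_t i = reentry_index(&sin);
    printf("diverted by rule %u\n", (unsigned)sin.sin_port);
    if (i < NRULES)   /* the second rule 1000 is never evaluated */
        printf("re-enters at rule %u: %s\n", (unsigned)ruleset[i].num, ruleset[i].body);
    return 0;
}
```
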