Mark wrote:
> Bill Moran wrote:
>
>> How about using skipto instead of allow? Thus, if it passes the
>> first one, it can just skipto the next rule to be checked. i.e.:
>>
>> ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
>> ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4
>>
>> Thus, if rule 11 passes, it skips to rule 12. If it fails, it should
>> reject as always. The end result is that a packet _must_ pass both
>> rules to be allowed.
>
> I spoke too soon. :( It seems this sort of rule evokes a bug:
>
> http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-April/001084.html
>
> My whole console is flooded with messages like these:
>
> "ipfw: install_state: entry already present, done"
>
> Is there a known patch?

I just took a look at the code:

    if (q != NULL) { /* should never occur */
        if (last_log != time_second) {
            last_log = time_second;
            printf("ipfw: install_state: entry already present, done\n");
        }
        return 0;
    }

What if I just hack the "printf ..." line out of there? Would that
'solve' it? I know it's dirty; but would things still work?

Thanks,

- Mark

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions