[luigi@FreeBSD.org: cvs commit: src/sbin/ipfw ipfw2.c]
Patrick Tracanelli
eksffa at freebsdbrasil.com.br
Mon Jul 14 15:17:41 PDT 2003
>
> * implement comments in ipfw commands. These are implemented in the
> kernel as O_NOP commands (which always match) whose body contains
> the comment string. In userland, a comment is a C++-style comment
> appended to the rule:
>
> ipfw add allow ip from me to any // i can talk to everybody
>
> cheers
> luigi
Got a funny behaviour here; keep-state option is displayed after
comment, see:
ipfw 200 add count tcp from any to any out xmit ath0 setup keep-state //
comment
00200 count tcp from any to any out xmit ath0 setup // comment keep-state
ipfw sh 200
00200 47 5537 count tcp from any to any out xmit ath0 setup //
comment keep-state
But still works:
## Dynamic rules (1):
00200 10 472 (0s) STATE tcp 200.210.42.5 49653 <-> 200.210.70.4 25
Just a display misbehaviour;
--
Atenciosamente,
Patrick Tracanelli
patrick @ freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"
More information about the freebsd-ipfw
mailing list