Named states in ipfw (and old rulesets)
Lev Serebryakov
lev at FreeBSD.org
Mon Aug 15 09:32:20 UTC 2016
On 15.08.2016 9:11, Ian Smith wrote:
> One thing I wondered about earlier but didn't ask is that the order of
> options is generally not relevant, so for example the commonly used:
>
> ipfw add skipto $somewhere tcp from $a to $b setup keep-state
>
> would currently be equally valid as:
>
> ipfw add skipto $somewhere tcp from $a to $b keep-state setup
>
> with possibly other options following?
Both work now on -CURRENT as expected , but second one will show you
two-line warning, that state name was changed to "default".
> I think existing rulesets working out of the box is vital too; the last
> thing needed on managed remote boxes is firewall breakage on upgrading.
Existing rulesets are not broken, but could give you non-intuitive
warnings now :)
--
// Lev Serebryakov AKA Black Lion
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 964 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20160815/b9537411/attachment.sig>
More information about the freebsd-ipfw
mailing list