how do I delete just one ipfw rule ?

Tim Burgess tim at queens.unimelb.edu.au
Tue Sep 9 10:51:04 PDT 2003


Hi All,

There would be no theoretical problem with adding syntax to ipfw(8) 
(and possibly to its kernel interface) to delete a particular rule 
would there?  e.g. ipfw delete 1234.5 to delete the fifth instance of 
rule 1234?  There is clearly a fixed order to the rules, since they 
apply in order.

Not that I'm volunteering or anything, but yeah :)

Tim



On Wednesday, September 10, 2003, at 03:45 AM, Julian Elischer wrote:

>
>
> On Tue, 9 Sep 2003, Josh Brooks wrote:
>
>>
>>
>>
>> On Tue, 9 Sep 2003, Luigi Rizzo wrote:
>>
>>> no, it is not possible to delete them -- you have no way to tell
>>> which rule to delete when multiple rules share the same number.
>>
>> Are there any plans to make ipfw more flexible by changing the 65535 to
>> the next power of two?  So there are a lot more rules?
>
> The rule number is only 16 bits long..
>
> This is made use of in 'divert' where the rule number that caused the
> divert is in the port-number field when you do a recvfrom().
> If you change this, it won't work..
>
> On "sendto()" the rule number is used to suggest where the packet
> "re-enters" the filter. If you pass it back unchanged then
> it reenters the filter at the next rule after the one that diverted it..
> (i.e. where it left off)
>
>
>>
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
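The divert behaviour described in the quoted reply above, as an added example that is not part of the original thread: a pass-through divert(4) daemon for FreeBSD that reads the diverting rule number from the 16-bit port field and reinjects the packet so it resumes at the next rule. The divert port 8668, rule 1234 and the helper names are constructed for illustration; treating the returned port as host byte order is an assumption about FreeBSD's implementation.

```c
/* Pass-through divert(4) loop for FreeBSD; run as root.
 * Constructed rule assumed: ipfw add 1234 divert 8668 ip from any to any */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define DIVERT_PORT 8668   /* constructed; must match the ipfw divert rule */

/* Rule number that diverted the packet: carried in the 16-bit sin_port of
 * the address recvfrom() fills in (assumed host byte order on FreeBSD). */
static uint16_t divert_rule(const struct sockaddr_in *from) { return from->sin_port; }

/* Choose where a reinjected packet resumes: at the rule after `rule`. */
static void resume_after(struct sockaddr_in *to, uint16_t rule) { to->sin_port = rule; }

static int open_divert(uint16_t port) {
#ifdef IPPROTO_DIVERT
    struct sockaddr_in sin;
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0) return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);            /* bind port is network order */
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { close(fd); return -1; }
    return fd;
#else
    (void)port; errno = EPROTONOSUPPORT; return -1;  /* no divert sockets here */
#endif
}

int main(void) {
    unsigned char pkt[65535];
    struct sockaddr_in addr;
    int fd = open_divert(DIVERT_PORT);
    if (fd < 0) { perror("divert socket"); return 1; }
    for (;;) {
        socklen_t len = sizeof addr;
        ssize_t n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&addr, &len);
        if (n < 0) { perror("recvfrom"); break; }
        printf("%zd bytes diverted by rule %u\n", n, (unsigned)divert_rule(&addr));
        resume_after(&addr, divert_rule(&addr)); /* same as passing addr back unchanged */
        if (sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&addr, len) < 0) perror("sendto");
    }
    close(fd);
    return 0;
}
```

Because the rule number travels in `sin_port`, a rule number wider than 16 bits could not be reported to or accepted from a divert daemon like this one.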