ipfw add rule

Andrew Pantyukhin infofarmer at gmail.com
Wed Mar 15 20:13:17 UTC 2006


On 3/15/06, Albert Shih <shih at math.jussieu.fr> wrote:
> Hi all
>
> How can I add a rule with ipfw with automatic numbering but with a minimal
> number?
>
> I have (for example) some rules in the kernel
>
> 00100        0           0 allow ip from any to any via lo0
> 00200        0           0 deny ip from any to 127.0.0.0/8
> 00300        0           0 deny ip from 127.0.0.0/8 to any
> ..........................................................
> 01000        0           0 allow ip from ....
> 65535        0           0 deny ip from any to any
>
> I want to add some rules (with sshblack for example
> http://www.pettingers.org/code/sshblack.html) automatically with numbers 1100,
> 1200, etc...
>
> How can I do that?
>
> Regards.
>
> --
> Albert SHIH
> Universite de Paris 7 (Denis DIDEROT)
> U.F.R. de Mathematiques.
> Heure local/Local time:
> Wed Mar 15 16:43:34 CET 2006
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>

Please read ipfw(8) manpage.

[quote]
Automatic rule numbers are assigned by incrementing the last non-
default rule number by the value of the sysctl variable
net.inet.ip.fw.autoinc_step which defaults to 100.  If this is
not possible (e.g. because we would go beyond the maximum allowed
rule number), the number of the last non-default value is used
instead.
[/quote]

There's nothing more to it.
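
The numbering rule quoted from ipfw(8) above, worked through on the ruleset from the question; this is an added example, not part of the original message and not code from ipfw. The helper names `next_auto_rule` and `sample_rules` are hypothetical. It assumes 65535 is the default rule, as in the listing in this thread, and that the elided body of rule 1000 can be replaced by a placeholder.

```shell
#!/bin/sh
# Predict the number an un-numbered "ipfw add" would receive, following the
# ipfw(8) paragraph quoted above. Reads `ipfw list`-style lines on stdin.
# Assumption: 65535 is the default rule, as in the listing in this thread.
DEFAULT_RULE=65535

next_auto_rule() {
    # $1 = value of net.inet.ip.fw.autoinc_step (100 if omitted)
    awk -v step="${1:-100}" -v def="$DEFAULT_RULE" '
        BEGIN { last = 0 }
        # Field 1 is the rule number. Skip non-numeric lines (such as the
        # dotted elision line in the question) and the default rule itself.
        $1 ~ /^[0-9]+$/ && ($1 + 0) < def {
            if ($1 + 0 > last) last = $1 + 0
        }
        END {
            candidate = last + step
            # "If this is not possible ... the number of the last
            # non-default value is used instead."
            if (candidate >= def) candidate = last
            print candidate
        }'
}

# Constructed sample: the rules shown in the question, without counters.
# The body of rule 01000 is a placeholder; the original is elided.
sample_rules() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
01000 allow ip from any to any
65535 deny ip from any to any
EOF
}

# With the default step the next automatic rule lands at 1100.
sample_rules | next_auto_rule 100
```

On a live system the same function can be fed with `ipfw list | next_auto_rule "$(sysctl -n net.inet.ip.fw.autoinc_step)"` to check where an automatically numbered block rule will land relative to existing allow rules.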

