Duplicate IPFW rules

Jeremy Chadwick koitsu at FreeBSD.org
Thu Dec 21 12:23:36 PST 2006


On Thu, Dec 21, 2006 at 08:53:07PM +0100, Václav Haisman wrote:
> Huh, really? How is it useful? Please, explain.

I use the functionality you're questioning.  Each of my rule numbers
(well, not all of them, but most of them) is for a specific thing,
such as rule 3000 representing deny SSH attempts from any APNIC
addresses, rule 3001 representing the same but for RIPE, etc.

I have multiple deny entries *per rule number*.

Thus, when I delete one of those rule numbers, I delete all entries
in that rule (e.g. if I have 15 deny statements in rule 3000, if I
delete rule 3000, I delete all 15 of those deny statements).

So please, do not change this behaviour -- it's a useful feature.

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |


