Duplicate IPFW rules

Oliver Fromme olli at lurza.secnetix.de
Fri Dec 22 00:16:21 PST 2006


Václav Haisman wrote:
 > I have just noticed that ipfw list shows one rule twice. It could be that I
 > have run a script that adds it twice:

That's expected behaviour.  Rule numbers are not unique.
Think of the rule number as a tag attached to the rule.
It's perfectly legal that two rules can have the same
tag (number).

 > Shouldn't IPFW check before adding the same rule number again?

No.  However, it could be argued that ipfw(8) could check
if an existing rule number is added with the same rule
body.  In that case it would be redundant and have no
effect at all.  (It wouldn't really be an error either,
so ipfw(8) could simply exit successfully without actually
adding the rule.)  If someone submits a patch for that,
I think it would be comitted.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Clear perl code is better than unclear awk code; but NOTHING
comes close to unclear perl code"  (taken from comp.lang.awk FAQ)


More information about the freebsd-stable mailing list