kern/77570: [PATCH] ipfw: Multiple rules may have the same number.
Maxim Konovalov
maxim at macomnet.ru
Wed Feb 16 00:20:33 PST 2005
The following reply was made to PR kern/77570; it has been noted by GNATS.
From: Maxim Konovalov <maxim at macomnet.ru>
To: "Wojciech A. Koszek" <dunstan at freebsd.czest.pl>
Cc: bug-followup at freebsd.org
Subject: Re: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.
Date: Wed, 16 Feb 2005 11:17:34 +0300 (MSK)

Hi Wojciech,

> >Description:
> There is a problem while inserting an ipfw2 rule with a specified rule number.
>
> # ipfw add <num> <action>
>
> While executing this command N times, it will add N rules with the same
> number <num>. I don't really like this behaviour, since a rule number has to
> represent a unique rule.
>
> >How-To-Repeat:
>
> This problem may be easily reproduced:
>
> # ipfw add 100 allow all from any to any
> 00100 allow ip from any to any
> # ipfw add 100 allow all from any to any
> 00100 allow ip from any to any
> # ipfw add 100 allow all from any to any
> 00100 allow ip from any to any
> # ipfw show | grep 00100
> 00100 0 0 allow ip from any to any
> 00100 0 0 allow ip from any to any
> 00100 0 0 allow ip from any to any
>
> >Fix:
> Attached patch [diff.0.ipfw2] should correct this problem. It also adds a
> predefinition of remove_rule(), because after applying this patch,
> add_rule() requires it.

Well, sorry, I really hate your patch :-) This is the way ipfw(8) was
designed and works in RELENG_*. It seems to me we're going to break a
zillion ipfw installations with this patch. "Tools not policy".

Would you mind if I close this PR?

--
Maxim Konovalov
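
An added example, not part of the original message or of ipfw itself: since repeated rule numbers are accepted by design, a ruleset script that wants unique numbers can audit and enforce that in userland. The function names and the IPFW override variable are hypothetical, and the sample listing is constructed from the `ipfw show` output quoted above.

```shell
# Added example: userland checks for duplicate ipfw rule numbers.
# Function names and the IPFW override variable are hypothetical.

# Read an `ipfw list` / `ipfw show` listing on stdin and print
# "<number> <count>" for every rule number used more than once.
dup_rule_numbers() {
    awk '$1 ~ /^[0-9]+$/ { n[$1 + 0]++ }
         END { for (k in n) if (n[k] > 1) print k, n[k] }' | sort -n
}

# Succeed if rule number $1 does not appear in the listing on stdin.
rule_number_free() {
    awk -v want="$1" '$1 ~ /^[0-9]+$/ && $1 + 0 == want + 0 { found = 1 }
                      END { exit found ? 1 : 0 }'
}

# Add a rule only if its number is unused; otherwise refuse.
# Usage: add_unique <num> <rule body...>
# The check and the add are two separate ipfw calls, so this is not
# atomic: a concurrent writer can still create a duplicate.
add_unique() {
    num=$1; shift
    if ${IPFW:-ipfw} list | rule_number_free "$num"; then
        ${IPFW:-ipfw} add "$num" "$@"
    else
        echo "rule number $num already in use, not adding" >&2
        return 1
    fi
}

# Constructed sample listing, modelled on the `ipfw show` output above.
sample_listing() {
    cat <<'EOF'
00100 0 0 allow ip from any to any
00100 0 0 allow ip from any to any
00100 0 0 allow ip from any to any
00200 0 0 deny ip from any to any
65535 0 0 deny ip from any to any
EOF
}
```

Running `ipfw list | dup_rule_numbers` on a live host prints nothing when every rule number is used once.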