semantics of 'not-applicable' options in ipfw ?
Sten Daniel Sørsdal
sten.daniel.sorsdal at wan.no
Wed Jan 14 09:04:51 PST 2004
> As the subject says... what is people's opinion on the best
> semantics for 'not-applicable' options in ipfw rules ?
>
> As an example, if i say (using ipfw2 syntax, for simplicity)
>
> 100 count src-port 100
> 200 count not src-port 100
>
It is my opinion that people in general interpret this
example to count tcp/udp packets from (src-port==100) and
(src-port!=100), despite the man page.
For example:
100 count src-port 100
200 count src-port not 100
I also believe that the "via" option also causes the same kind of confusion.
By the way, do you have any plans to implement a tag/flag system?
( example:
100 flag 100 src-port 100
200 allow flag 100
)
_// Sten Daniel Sørsdal