"or" blocks in IPFW2

Oliver Fromme olli at lurza.secnetix.de
Mon Jul 18 11:06:24 GMT 2005


Luigi Rizzo <rizzo at icir.org> wrote:
 > On Wed, Jul 13, 2005 at 05:57:53PM +0200, Oliver Fromme wrote:
 > ...
 > > # ipfw add allow tcp from any to any \{ in recv fxp0 or out xmit fxp0 \}
 > > 04400 allow tcp from any to any in { recv fxp0 or out } xmit fxp0
 > 
 > surely the parser is not very robust and should complain :)
 > 
 > This said, the 'or' is a conjunction of individual options, 
 > and 'in' is one option and 'recv fxp0' is another one.

Okay ...  So the braces are actually redundant, right?
Because the "or" operator has highest priority anyway
(except possibly for "not"), and braces cannot be used
to change priority.

 > if you need something different you probably have to write separate rules.

Thank you very much for the explanation.  So I have to
write separate rules.  (Not a big deal.)

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
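
An added example, not part of the original messages: a small Python model of the matching described in the thread, where a rule body is an AND of terms and an "or" block joins only individual options. It evaluates rule 04400 as ipfw stored it against the two separate rules the thread settles on. The packet tuples and helper names are constructed for illustration, and the model assumes (per ipfw(8)) that a packet checked on input has no transmit interface.

```python
# Constructed sample packets: (direction, receive interface, transmit interface).
# Assumption: inbound packets have no transmit interface yet; locally
# originated outbound packets have no receive interface (None).
IFACES = ["fxp0", "fxp1"]
PACKETS = [("in", r, None) for r in IFACES] + \
          [("out", r, x) for r in IFACES + [None] for x in IFACES]

def opt_matches(opt, pkt):
    """Evaluate one individual option against a packet."""
    direction, recv_if, xmit_if = pkt
    if opt in ("in", "out"):
        return direction == opt
    kind, iface = opt                      # ("recv", IF) or ("xmit", IF)
    return (recv_if if kind == "recv" else xmit_if) == iface

def rule_matches(terms, pkt):
    """AND over terms; a term is one option or a list of options ORed together."""
    for term in terms:
        alternatives = term if isinstance(term, list) else [term]
        if not any(opt_matches(o, pkt) for o in alternatives):
            return False
    return True

def matched(ruleset):
    """Packets accepted by at least one rule of an all-'allow' rule set."""
    return {p for p in PACKETS if any(rule_matches(r, p) for r in ruleset)}

# Rule 04400 as stored: in { recv fxp0 or out } xmit fxp0
STORED = [["in", [("recv", "fxp0"), "out"], ("xmit", "fxp0")]]

# The separate rules:
#   allow tcp from any to any in recv fxp0
#   allow tcp from any to any out xmit fxp0
SEPARATE = [["in", ("recv", "fxp0")], ["out", ("xmit", "fxp0")]]

# Intended meaning: (in AND recv fxp0) OR (out AND xmit fxp0)
INTENDED = {p for p in PACKETS
            if (p[0] == "in" and p[1] == "fxp0")
            or (p[0] == "out" and p[2] == "fxp0")}

if __name__ == "__main__":
    print("stored rule matches:", sorted(matched(STORED), key=str))
    print("separate rules match intent:", matched(SEPARATE) == INTENDED)
```

In this model the stored rule matches no packet at all, because "in" and "xmit fxp0" can never both hold, so an allow rule entered this way silently permits nothing.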

