Duplicate IPFW rules
koitsu at FreeBSD.org
Thu Dec 21 12:23:36 PST 2006
On Thu, Dec 21, 2006 at 08:53:07PM +0100, Václav Haisman wrote:
> Huh, really? How is it useful? Please, explain.
I use the functionality you're questioning. Each of my rule numbers
(well, not all of them, but most of them) is for specific things;
such as rule 3000 representing deny SSH attempts from any APNIC
addresses, rule 3001 representing the same but for RIPE, etc.
I have multiple deny entries *per rule number*.
Thus, when I delete one of those rule numbers, I delete all entries
in that rule (e.g. if I have 15 deny statements in rule 3000, if I
delete rule 3000, I delete all 15 of those deny statements).
So please, do not change this behaviour -- it's a useful feature.
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
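
The grouping described in the message above, sketched as an added example that is not part of the original post: many deny entries share one ipfw rule number, so a single `ipfw delete` clears the whole group before it is reloaded. The `load_group` helper, the `IPFW` dry-run variable and the sample networks (RFC 5737 documentation ranges, not real registry allocations) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: keep every deny entry of one group under a single ipfw
# rule number, so the group can be refreshed or dropped in one step.
# IPFW defaults to "echo ipfw" (dry run); set IPFW=ipfw to apply for real.
IPFW="${IPFW:-echo ipfw}"

# Constructed sample input: documentation ranges only, plus a comment,
# a blank line and a malformed entry to show how they are handled.
SAMPLE_CIDRS='# sample group
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24
not-a-cidr'

# load_group NUM: read networks on stdin and replace all entries under NUM.
load_group() {
    num="$1"
    case "$num" in
        ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 1 ;;
    esac
    # One delete removes every entry that shares this number. It fails
    # when no such entry exists yet, which is fine on a first load.
    $IPFW -q delete "$num" 2>/dev/null || true
    while IFS= read -r cidr; do
        case "$cidr" in
            ''|\#*) continue ;;                              # blank or comment
            *[!0-9./]*) echo "skipped: $cidr" >&2; continue ;;  # not a network
        esac
        # Same number on every add: ipfw keeps them as separate entries.
        $IPFW -q add "$num" deny tcp from "$cidr" to me dst-port 22
    done
}

printf '%s\n' "$SAMPLE_CIDRS" | load_group 3000
```

In dry-run mode the script only prints the commands it would run, which makes it easy to review a group before loading it.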