Duplicate IPFW rules

Dmitry Pryanishnikov dmitry at atlantis.dp.ua
Tue Dec 26 02:18:56 PST 2006


On Thu, 21 Dec 2006, Václav Haisman wrote:
>> One example feature is to be able to delete many rules at once.  If
>> you know that a specific rule number holds rules (example: time based
>> rules) then the script has less work to do.   Now granted since sets
>> were introduced this can be done via this method but this feature has
>> been useful (at least to me) for years and years now.
>> Scott
> Oh, I did not realise this use. Hmm...still, I thought that this is what
> tables are for :)

   The ability to have several distinct ipfw rules with the same rule_number
is also useful for the purposes of traffic accounting. Say, you should tally
traffic received via some interface + traffic from the proxy-server together
for some user:

ipfw add 3000 count all from any to user in recv ext0
ipfw add 3000 count tcp from proxy 3128 to user out

and just teach the traffic accounting utility to sum up byte counts for the
rules with the same number. Very handy, and not doable via lookup tables.

> VH

Sincerely, Dmitry
Atlantis ISP, System Administrator
e-mail:  dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE

More information about the freebsd-stable mailing list
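
Added example, not part of the original post: one way an accounting script could sum counters for rules that share a number, as the message describes. It assumes the `ipfw -a list` column layout (rule number, packets, bytes, rule body); the function names and the sample listing with its 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-rule-number accounting over `ipfw -a list` output.
# Assumed line layout: <rule number> <packets> <bytes> <rule body...>

# Constructed sample listing (addresses are documentation-range placeholders).
sample_ipfw_output() {
cat <<'EOF'
00100     12      1008 allow ip from any to any via lo0
03000    200    150000 count ip from any to 192.0.2.10 in recv ext0
03000     50     64000 count tcp from 192.0.2.1 3128 to 192.0.2.10 out
03100      7       420 count ip from any to 192.0.2.11 in recv ext0
65535   9000   1200000 deny ip from any to any
EOF
}

# Reads a listing on stdin and prints "rule packets bytes", adding together
# the counters of all rules that carry the same number.
sum_by_rule() {
    awk '
        # Skip anything that is not a counter line (headers, blank lines).
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            pkts[$1]  += $2
            bytes[$1] += $3
        }
        END {
            # %.0f instead of %d: byte counters routinely exceed 32 bits.
            for (r in bytes) printf "%s %.0f %.0f\n", r, pkts[r], bytes[r]
        }
    ' | sort -n
}

# Prints the byte total for rule number $1, reading the listing on stdin.
bytes_for_rule() {
    sum_by_rule | awk -v r="$1" '$1 + 0 == r + 0 { print $3 }'
}

# On a live FreeBSD host: ipfw -a list | sum_by_rule
sample_ipfw_output | sum_by_rule
```

Because the totals are keyed on the rule number alone, any unrelated rule that is later added under the same number is silently included in that user's tally.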