Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!oleane!jussieu.fr!univ-lyon1.fr!ensta!itesec!sidhe.frmug.fr.net!not-for-mail From: roberto@keltia.freenix.fr (Ollivier Robert) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: IPFW filter rules... Date: 12 Feb 1996 11:15:57 GMT Organization: Herve Schauer Consultants Lines: 13 Message-ID: <4fn7hd$pjh@sidhe.vtcom.fr> References: <Pine.HPP.3.91.960207170506.20192A-100000@ocean.fit.qut.edu.au> <4fe9ol$f8@ender1.techcenter.paccar.com> <4fk7g9$i2d@hammy.lonestar.org> NNTP-Posting-Host: sidhe.vtcom.fr Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit In article <4fk7g9$i2d@hammy.lonestar.org>, Gordon Burditt <gordon@hammy.lonestar.org> wrote: > the PPP link. But how does one DO that without a huge number of rules? > Because of the rule re-ordering, I can't depend on the rule order > unless one rule is strictly more specific than another one. FWIW, the reordering done by IPFW has been disabled in 2.2-CURRENT. The general consensus was that it is an EVIL thing to reorder filters. See Cheswick and Bellovin for more details on why it is evil. -- Ollivier ROBERT -=-=- FreeBSD 2.x FAQ maintainer -=-=- roberto@freebsd.org -=-=-=-=-=- Support The Free UNIX Systems ! FreeBSD Linux NetBSD -=-=-=-=-=-