On Sat, Apr 28, 2001 at 21:22:59 -0700, David Wolfskill wrote:
> I have at least one application where I generate ipfw rules in a script,
> for a set of subnets which I read from a file at execution time. I am
> able to use the numbers to group the firewall rules , so that for any
> given subnet, I can predict the order in which the rules will be
> applied.
In situation you describe you can _add_ rules without any harm, but you
can't _delete_ some of them later - it cause totally unpredictable
results, i.e. delete operation really not works in the current way. Better
way will be to give all subnets unique numbers ranges.
--
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
