James Carlson wrote:

Bart Smaalders writes:

The rules in any single ipf.conf file should describe a
consistent, safe set of ipfilter rules for a single
operating state.
They should be either all applied or none.

I don't think it's as simple as that in general.
Suppose my configuration says this:

block in quick on foobar0 from ! 192.168.254.0/24 to any

A rule will never fail to load because an interface name specified in it
doesn't exist at the time it is loaded. So you can load the above rule,
even though it will likely never match anything. This makes it slightly
more susceptible to user-error but in my experience this happens very
very infrequently.
Hostnames and port names are treated differently and if they fail to be
resolved when you try to load the file, an error will be generated.
Darren
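A pre-load check for the behaviour described in the reply above, as an added example that is not part of the original thread: it warns about rules naming an interface that is not present (which load without error but stay inert) and reports host names that do not resolve (which make the load fail). The function name `lint_rules`, the injected `interfaces` set and `resolve` callable are assumptions for illustration, and the parsing covers only the simple `on`/`from`/`to` forms seen in the quoted rule, not the full ipf.conf grammar.

```python
import ipaddress
import socket

def is_numeric(addr):
    """True for literal addresses or networks such as 192.168.254.0/24."""
    try:
        ipaddress.ip_network(addr, strict=False)
        return True
    except ValueError:
        return False

def lint_rules(text, interfaces, resolve=socket.gethostbyname):
    """Return (line_no, severity, message) findings for simple ipf-style rules."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        for i, word in enumerate(tok[:-1]):
            arg = tok[i + 1]
            if word == "on" and arg not in interfaces:
                # Loads without error, but never matches until the interface exists.
                findings.append((no, "warn", f"interface {arg} not present"))
            elif word in ("from", "to"):
                if arg == "!":  # negation written as a separate token
                    arg = tok[i + 2] if i + 2 < len(tok) else "any"
                arg = arg.lstrip("!")
                if arg == "any" or is_numeric(arg):
                    continue
                try:
                    resolve(arg)
                except OSError:
                    # An unresolvable name is what makes the load itself fail.
                    findings.append((no, "error", f"host {arg} does not resolve"))
    return findings

# Constructed sample; the first rule is the one quoted in the thread.
SAMPLE = """\
block in quick on foobar0 from ! 192.168.254.0/24 to any
pass in quick on lo0 from any to any
pass in on lo0 from nosuchhost.invalid to any
"""

def fake_resolve(name):
    """Offline stand-in for DNS (hypothetical): every lookup fails."""
    raise socket.gaierror(name)

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE, {"lo0"}, fake_resolve):
        print(finding)
```

On a live system the `interfaces` set could be built from `socket.if_nameindex()`; here it is passed in so the check runs offline.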