The following reply was made to PR kern/165939; it has been noted by GNATS.
From: Ian Smith smi...@nimnet.asn.au
To: bug-follo...@freebsd.org, h...@sendmail.cz
Cc:
Subject: Re: kern/165939: [ipw] bug: incomplete firewall rules loaded if tables
are used in ipfw.conf
Date: Tue, 30 Oct 2012 00:17:39 +1100
This is not a bug but a feature, at least for those of us managing some
or all ipfw tables independently of the ruleset. In such cases flushing
tables would be a bug, requiring addition of all entries in tables used
to be included in the ruleset before using service ipfw restart. This
would be unwieldy at best, esp. for tables updated dynamically by hand
and/or by other scripts monitoring logs and such (I use both).
I think ipfw(8) is clear enough that ipfw flush just flushes rules, not
tables, nat or dummynet configs, but emphasising that may be helpful?
For those using tables only defined in their ruleset, adding 'ipfw table
all flush' (or better, flushing particular tables used by the ruleset)
before the first 'ipfw table add ..' command is certainly necessary.
cheers, Ian
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
