On Tue, Sep 24, 2002 at 11:43:19AM -0500, Kirk Strauser wrote:
>To: [EMAIL PROTECTED]
>Subject: Can IPFW keep state after a flush?
>From: Kirk Strauser <[EMAIL PROTECTED]>
>Date: 24 Sep 2002 11:43:19 -0500
>
>From what I can tell, ipfw's 'flush' command clears the ruleset *and* the
>current list of dynamic (keep-state) rules. Is there any way to ask ipfw to
>flush only the ruleset, but to leave the dynamic rules intact? Ideally,

From ip_fw.c:
[snip]
 * Each dynamic rules holds a pointer to the parent ipfw rule so
 * we know what action to perform. Dynamic rules are removed when
 * the parent rule is deleted.
[snip]

From ip_fw2.c:
 * Each dynamic rule holds a pointer to the parent ipfw rule so
 * we know what action to perform. Dynamic rules are removed when
 * the parent rule is deleted. XXX we should make them survive.

>ipfw could be made to compare the current dynamic rules against any new
>rules that were added, which would allow a sysadmin to implement a new
>ruleset on an already-running system without disturbing any current valid
>connections. Is such a thing possible, or am I dreaming?
>--
>Kirk Strauser
>In Googlis non est, ergo non est.

--
Regards,
D. Penev
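
The parent-pointer lifetime rule quoted from ip_fw.c above, modeled as an added C example (not part of the original message and not FreeBSD's code): states are freed with their parent so no entry points at freed memory, and the "survive" variant orphans them and re-matches them against the reloaded ruleset. All names are hypothetical, and matching on destination port alone is a simplifying assumption.

```c
#include <stdlib.h>
/* Simplified model; struct and function names are hypothetical, not the kernel's. */
struct rule { int num, dport, keep_state; struct rule *next; };
struct dyn  { int dport; struct rule *parent; struct dyn *next; };
static struct rule *rules;                   /* static ruleset */
static struct dyn *dyns; static int nstates; /* dynamic (keep-state) entries */
static void add_rule(int num, int dport, int keep_state) {
    struct rule *r = malloc(sizeof *r);
    if (!r) abort();
    *r = (struct rule){ num, dport, keep_state, rules }; rules = r;
}
/* First keep-state rule that permits traffic to dport, or NULL. */
static struct rule *match(int dport) {
    for (struct rule *r = rules; r; r = r->next)
        if (r->keep_state && r->dport == dport) return r;
    return NULL;
}
/* A packet to dport arrived: create state only if a keep-state rule matches. */
static int add_state(int dport) {
    struct rule *r = match(dport);
    struct dyn *d = r ? malloc(sizeof *d) : NULL;
    if (!d) return 0;
    *d = (struct dyn){ dport, r, dyns }; dyns = d; nstates++;
    return 1;
}
/* Free every dynamic entry whose parent is r (NULL selects orphans). */
static void remove_dyn_for(struct rule *r) {
    for (struct dyn **pp = &dyns; *pp; ) {
        if ((*pp)->parent == r) { struct dyn *d = *pp; *pp = d->next; free(d); nstates--; }
        else pp = &(*pp)->next;
    }
}
/* keep_states=0: states die with the parent (ip_fw.c); 1: orphan them first. */
static void flush(int keep_states) {
    for (struct dyn *d = dyns; keep_states && d; d = d->next) d->parent = NULL;
    while (rules) {
        struct rule *r = rules; rules = r->next;
        remove_dyn_for(r); free(r);  /* frees nothing if states were orphaned */
    }
}
/* After loading new rules: re-attach orphans, drop those no rule permits. */
static void reparent(void) {
    for (struct dyn *d = dyns; d; d = d->next) if (!d->parent) d->parent = match(d->dport);
    remove_dyn_for(NULL);
}
int main(void) {  /* constructed scenario: the reloaded ruleset allows only port 22 */
    add_rule(100, 22, 1); add_rule(200, 80, 1); add_state(22); add_state(80);
    flush(1); add_rule(300, 22, 1); reparent();
    return nstates == 1 ? 0 : 1;
}
```

In the survive variant, dropping orphans that no new rule matches is what keeps a reload from leaving connections open that the new policy would refuse.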
