Bill Moran wrote:

> How about using skipto instead of allow?  Thus, if it passes the
> first one, it can just skipto the next rule to be checked.  i.e.:
> 
> ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
> ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4
> 
> Thus, if rule 11 passes, it skips to rule 12.  If it fails, it should
> reject as always.  The end result is that a packet _must_ pass both
> rules to be allowed.

I spoke too soon. :( It seems this sort of rule evokes a bug:

http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-April/001084.html

My whole console is flooded with messages like these:

    "ipfw: install_state: entry already present, done"

Is there a known patch?

Thanks,

- Mark
