Jaroslaw Rafa wrote:
Jaroslaw Rafa wrote:
When I type the rules directly from terminal, like here:
# ipf -f -
<type rules here>
ctrl-D
#
the rules are added, but when I put the rules into a file, and type:
# ipf -f filename
or type something like
# echo '<rule text>' | ipf -f -
it doesn't work - "ipfstat" shows that the filter rules are unchanged.
Excuse me for making a mistake - I actually tried to remove rules, and it
didn't work, and wrote about adding them.
I made some more experiments, and found out the following:
The rules can be removed ONLY in the same way they have been added, i.e.
- when rules have been typed directly from a terminal, they need to be
removed also directly from a terminal;
- the rules that have been loaded from a file must be also removed by means
of a file (ipf -r -f filename);
- the rules that were added via redirected standard input, like in the above
example with "echo" command, must be also removed the same way.
Removing the rule any other way doesn't work!
Why does it work so?
Ack...this is a nasty bug.
The problem is that the line number a rule is found at, in the file, is
stored in the rule.
It is stored in part of the rule that is used when it comes time to
delete a rule.
So if you changed the line number, "ipf -rf <file>" would not work.
The fix here is to move fr_flineno..
Darren
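
Added example, not part of the original thread and not IPFilter's own code: a toy model of the failure Darren describes, where a source line number stored inside the byte range compared at delete time stops an otherwise identical rule from matching. Only fr_flineno is a name from the thread; the struct layout, macros and functions are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy rule. Only fr_flineno is a name from the thread; the rest is hypothetical. */
struct rule {
    int      hits;        /* per-rule counter, never compared */
    int      fr_flineno;  /* line of the input the rule was parsed from */
    int      action;      /* 0 = block, 1 = pass */
    unsigned src, dst;    /* addresses to match (constructed values) */
};

/* Offset at which the byte-wise comparison used for deletion starts. */
#define CMP_FROM_LINENO offsetof(struct rule, fr_flineno) /* buggy: line number is compared */
#define CMP_FROM_ACTION offsetof(struct rule, action)     /* fixed: line number sits outside */

#define MAXRULES 8
static struct rule table[MAXRULES];
static int nrules;

/* Remove the first rule whose bytes from cmp_off onward equal *r. 1 = removed, 0 = not found. */
static int remove_rule(const struct rule *r, size_t cmp_off)
{
    for (int i = 0; i < nrules; i++) {
        if (memcmp((const char *)&table[i] + cmp_off,
                   (const char *)r + cmp_off, sizeof(*r) - cmp_off) == 0) {
            memmove(&table[i], &table[i + 1],
                    (size_t)(nrules - i - 1) * sizeof(table[0]));
            nrules--;
            return 1;
        }
    }
    return 0;
}

/* Load a rule parsed at add_line, then try to remove the same rule text parsed at del_line. */
int try_remove(int add_line, int del_line, size_t cmp_off)
{
    struct rule r = { 0, add_line, 0, 0x0a000001u, 0x0a000002u };
    nrules = 0;
    table[nrules++] = r;
    r.fr_flineno = del_line;   /* same rule, different position in the input */
    return remove_rule(&r, cmp_off);
}

int main(void)
{
    printf("line compared, 3 vs 3: %d\n", try_remove(3, 3, CMP_FROM_LINENO));
    printf("line compared, 3 vs 1: %d\n", try_remove(3, 1, CMP_FROM_LINENO));
    printf("line excluded, 3 vs 1: %d\n", try_remove(3, 1, CMP_FROM_ACTION));
    return 0;
}
```

For anyone auditing a ruleset, the practical check is to confirm with ipfstat that a rule is really gone after ipf -r, rather than trusting a silent exit.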