On Wed, Mar 08, 2006 at 02:39:51PM -0800, Darren Reed wrote: > James Carlson wrote: > > >Bart Smaalders writes: > > > > > >>The rules in any single ipf.conf file should describe a > >>consistent, safe set of ipfilter rules for a single > >>operating state. > >> > >>They should be either all applied or none. > >> > >> > > > >I don't think it's as simple as that in general. > > > >Suppose my configuration says this: > > > > block in quick on foobar0 from ! 192.168.254.0/24 to any > > > > > > A rule will never fail to load because an interface name specified in it > doesn't exist at the time it is loaded. So you can load the above rule, > even though it will likely never match anything. This makes it slightly > more susceptible to user-error but in my experience this happens very > very infrequently.
Will such rules be installed when such interfaces appear? _______________________________________________ networking-discuss mailing list [email protected]
