Re: Named states in ipfw (and old rulesets)

2016-08-14 Thread Andrey V. Elsukov
On 14.08.16 20:27, Lev Serebryakov wrote: > But looks like, that comment is lost here, here is output of "ipfw show" > after boot: > > 13050 0 0 nat 2 ip from any to any // De-NAT > 13060 0 0 check-state default > 13070 0 0 skipto 3 ip from any to any // Allowed

Auto-numbered rules with state or table opcodes are printed-out as ""number 00000" on addition

2016-08-14 Thread Lev Serebryakov
Hello Lev, Sunday, August 14, 2016, 8:27:02 PM, you wrote: When auto-numbering is used, all rules with any keep-state/check-state or table opcodes is printed out as number 0 on addition, like this: add 11000 allowdst-ip MCAST // Allow incoming multicast add deny

Named states in ipfw (and old rulesets)

2016-08-14 Thread Lev Serebryakov
Hello Lev, Sunday, August 14, 2016, 8:20:16 PM, you wrote: > Line 155: Ambiguous state name '//', 'default' used instead. > : No error: 0 > 0 check-state default Ok, really this one is (no rule number, I'm rely on auto-numbering): add nat 2 // De-NAT add check-state // Make

Named states in ipfw

2016-08-14 Thread Lev Serebryakov
Hello Freebsd-ipfw, I've tried new build of 12-CURRENT (with new ipfw feature of named states), with OLD ruleset and I'm disappointed by user experience. Old ruleset contains a lot "keep-state" and "check-state" statements and all this "Ambiguous state names" noise is, really, noise. It looks

Re: names for limit states?

2016-08-14 Thread Lev Serebryakov
Hello Andrey, Sunday, August 14, 2016, 4:29:50 PM, you wrote: >> Looks like you didn't add names support for states with limits? Why? > For me it looks like I did that. Why would you think differently? :) Because I need to read code better, sorry! -- Best regards, Lev

Notice on upcoming ipdbtools 1.1.1

2016-08-14 Thread Dr. Rolf Jansen
As was noticed by the port maintainer, the initial release of ipdbtools 1.1.0 into the ports did not compile on i386 systems because the lack of the __uint128_t data type on 32bit systems, and which was used for IPv6 computing. In the meantime, I rolled in the necessary uint128 comparison,

Re: names for limit states?

2016-08-14 Thread Andrey V. Elsukov
On 14.08.16 15:04, Lev Serebryakov wrote: > Hello Ae, > > Looks like you didn't add names support for states with limits? Why? For me it looks like I did that. Why would you think differently? :) -- WBR, Andrey V. Elsukov signature.asc Description: OpenPGP digital signature

names for limit states?

2016-08-14 Thread Lev Serebryakov
Hello Ae, Looks like you didn't add names support for states with limits? Why? -- Best regards, Lev mailto:l...@freebsd.org pgpseuX25vqa4.pgp Description: PGP signature