Re: Duplicate IPFW rules

2006-12-26 Thread Dmitry Pryanishnikov
Hello! On Thu, 21 Dec 2006, Václav Haisman wrote: One example feature is to be able to delete many rules at once. If you know that a specific rule number holds rules (example: time based rules) then the script has less work to do. Now granted since sets were introduced this can be done via t

Re: Duplicate IPFW rules

2006-12-22 Thread Oliver Fromme
Václav Haisman wrote: > I have just noticed that ipfw list shows one rule twice. It could be that I > have run a script that adds it twice: That's expected behaviour. Rule numbers are not unique. Think of the rule number as a tag attached to the rule. It's perfectly legal that two rules can hav

Re: Duplicate IPFW rules

2006-12-21 Thread Ian Smith
On Thu, 21 Dec 2006, Scott Ullrich wrote: > On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote: > > Oh, I did not realise this use. Hmm...still, I thought that this is what > > tables are for :) > > Yep, that's another usage for tables. But tables have not been around > for very long eit

Re: Duplicate IPFW rules

2006-12-21 Thread Scott Ullrich
On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote: Huh, really? How is it useful? Please, explain. One example feature is to be able to delete many rules at once. If you know that a specific rule number holds rules (example: time based rules) then the script has less work to do. Now gran

Re: Duplicate IPFW rules

2006-12-21 Thread Jeremy Chadwick
On Thu, Dec 21, 2006 at 08:53:07PM +0100, Václav Haisman wrote: > Huh, really? How is it useful? Please, explain. I use the functionality you're questioning. Each of my rule numbers (well, not all of them, but most of them) are for specific things; such as rule 3000 representing deny SSH attempts

Re: Duplicate IPFW rules

2006-12-21 Thread Scott Ullrich
On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote: Oh, I did not realise this use. Hmm...still, I thought that this is what tables are for :) Yep, that's another usage for tables. But tables have not been around for very long either. Considering that I have used IPFW since FreeBSD version

Re: Duplicate IPFW rules

2006-12-21 Thread Rodrigo Galiano
Hi, Re-edit your script and on the first line add the following: ipfw -f fl This line flushes the firewall script that is currently loaded before loading your script. Can you keep me posted. Regards and a Merry Christmas, -- Rodrigo Galiano Celestino Internet & System Consultant

Re: Duplicate IPFW rules

2006-12-21 Thread Václav Haisman
Scott Ullrich wrote, On 21.12.2006 21:05: > On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote: >> Huh, really? How is it useful? Please, explain. > > One example feature is to be able to delete many rules at once. If > you know that a specific rule number holds rules (example: time based >

Re: Duplicate IPFW rules

2006-12-21 Thread Kevin Downey
On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote: Hi, I have just noticed that ipfw list shows one rule twice. It could be that I have run a script that adds it twice: shell::root:~> ipfw list 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 1

Re: Duplicate IPFW rules

2006-12-21 Thread Václav Haisman
Kevin Downey wrote, On 21.12.2006 20:44: > > > On 12/21/06, *Václav Haisman* <[EMAIL PROTECTED] > > wrote: > > Hi, > I have just noticed that ipfw list shows one rule twice. It could be > that I > have run a script that adds it twice: > > shell::r

Duplicate IPFW rules

2006-12-21 Thread Václav Haisman
Hi, I have just noticed that ipfw list shows one rule twice. It could be that I have run a script that adds it twice: shell::root:~> ipfw list 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 01999 deny ip from table(1) to any 01999