IPFW rule sets and automatic rule numbering

Freddie Cash fjwcash at gmail.com
Sat Sep 13 19:52:00 UTC 2014


You can replicate it using 3 rules, loaded into two sets:

ipfw set disable 1
ipfw add allow ip from any to any
ipfw add 65524 allow ip from any to any
ipfw add allow ip from any to any
ipfw set swap 1 0

Run that two or 3 times. Every rule will be numbered 65534 after the 2nd or
3rd run.

I expected it to be numbered 10, 65524, 65534 after every run.

However, after reading the man page a few more times and thinking about it
a little more, it makes sense that the numbering is global across all sets,
as you can have multiple sets enabled simultaneously.

It just doesn't mesh with my desire to use auto numbering. I'm in the midst
of manually numbering all my rules now. :)
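An added example, not part of the original message: a small Python model of the automatic numbering rule documented in ipfw(8) (the last non-default rule number plus net.inet.ip.fw.autoinc_step, or the last number itself when the sum would pass the maximum), replaying the posted commands as written. The step of 10 is an assumption inferred from the expected "10" above (the documented default is 100), and the class and function names are hypothetical.

```python
# Model of ipfw(8) automatic rule numbering; this is not ipfw code.
DEFAULT_RULE = 65535   # number of the built-in default rule
AUTOINC_STEP = 10      # assumption: net.inet.ip.fw.autoinc_step=10


class RuleTable:
    """One rule list shared by every set, as rule numbers are global."""

    def __init__(self, step=AUTOINC_STEP):
        self.step = step
        self.rules = []  # (rule_number, set_id) pairs

    def add(self, number=None, set_id=0):
        """Model 'ipfw add [number] ...'; set 0 is where unqualified adds go."""
        if number is None:
            # Highest non-default rule number, regardless of which set holds it.
            last = max((n for n, _ in self.rules), default=0)
            if last < DEFAULT_RULE - self.step:
                number = last + self.step
            else:
                number = last  # no room left: reuse the last rule's number
        self.rules.append((number, set_id))
        return number

    def swap(self, a, b):
        """Model 'ipfw set swap a b': exchange the set ids, keep the numbers."""
        other = {a: b, b: a}
        self.rules = [(n, other.get(s, s)) for n, s in self.rules]


def load_once(table):
    """The three 'ipfw add' lines from the post, then 'ipfw set swap 1 0'."""
    assigned = [table.add(), table.add(65524), table.add()]
    table.swap(1, 0)
    return assigned


def simulate(runs):
    """Return the rule numbers assigned on each successive run."""
    table = RuleTable()
    return [load_once(table) for _ in range(runs)]


if __name__ == "__main__":
    for i, numbers in enumerate(simulate(3), start=1):
        print(f"run {i}: {numbers}")
```

In this model the first run assigns 10, 65524, 65534, and from the second run on both automatically numbered rules land on 65534, because the rules swapped into the other set still count toward the highest number.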

