Re: [Fwbuilder-discussion] IPFilter skip forest
From: Vadim K. <va...@vk...> - 2003-11-30 18:18:45
On Nov 30, 2003, at 2:11 AM, Lupe Christoph wrote:

> (Sorry, wrong subject. I started writing a mail about "Accept TCP
> sessions opened prior", then decided to file a bug and recycled the
> mail for this subject. I've changed the subject.)
>
> On Sunday, 2003-11-30 at 10:54:35 +0100, Lupe Christoph wrote:
>
>> The 1.1 version of the IPFilter compiler generates forests of skip
>> instructions. (I already filed a bug requesting to remove the word
>> "quick" from the skip lines.)
>>
>> I'm not sure if the negative skips work. ipfstat lists them thusly:
>>
>> @135 skip 65535 in on fxp2 from any to 213.155.64.130/32
>>
>> Does this skip work?
>
> It doesn't seem to. That makes 1.1 unusable for IPFilter. And I can't
> massage this away easily. :-(
>
> That means I have to fall back to 1.0.10 and reenter all the changes I
> just did :-(
>
> Unless of course, you have a magical solution...

I can fix it quickly. Removing "quick" is easy; what does the rule that generated negative "skips" look like?

--vk