[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Solaris 2.5 flush problem?
From:       Darren Reed <darrenr () cyber ! com ! au>
Date:       1996-08-22 12:58:08
[Download RAW message or body]

In some mail I received from C. Ewen MacMillan, sie wrote
[...]
> xipe#> ipf -rf -
> block in on le0 proto tcp from any to any flags S/FSRPAU
> ioctl(SIOCDELFR): No such process
> xipe#> ipfstat -i
> block in on le0 proto tcp from any to any flags S/FSRPAU
> 
>  I was able to remove that rule with:
> 
> xipe#> ipf -rf -
> block in on le0 proto tcp from any to any flags S
> 
>  I suppose that makes some sense, as the flags "S" is an outdated
>  syntax more or less, and that is actually the rule that my configuration
>  is using, rather than the full S/FSRPAU.

Curious indeed.

>  Still, ipf -Fa does nothing at all on my sparc:
> xipe#> ipfstat -i | wc -l
>       62
> xipe#> ipf -F all
> xipe#> ipfstat -i | wc -l
>       62

This was a hangover from some changes to the "-F" option which obviously
didn't go down very well or weren't documented clearly enough, but has
since been restored to the old behaviour.

What "ipf -F a" has been doing is trying to flush the `accounting' filter
list, whereas what you probably want to do is "ipf -F io" for input and
output.  I wanted to make it possible to flush accounting rules separately
to normal ones, but this was oviously not the way to do it.

Ah well.


[prev in list] [next in list] [prev in thread] [next in thread]