
List:       ipfilter
Subject:    Re: IP Filter 101
From:       Paul Slootman <paul () wau ! mis ! ah ! nl>
Date:       1997-09-23 15:52:15

On Wed 24 Sep 1997, Darren Reed wrote:
> In some mail I received from Paul Slootman, sie wrote
> > On Wed 24 Sep 1997, Darren Reed wrote:
> > > In some mail I received from Paul Slootman, sie wrote
> > > [...]
> > > > Oh yeah, am I crazy or does example.10 simply not work? In which
> > > > case it should perhaps be removed? This added to the confusion.
> > > > When I'm starting off on completely unknown terrain, I tend to
> > > > blame myself, so I wasted lots of time trying to figure out why
> > > > it wasn't doing what I thought I told it to do (fixed by getting
> > > > 3.2b5), and why example.10 didn't make any sense.
> > > 
> > > Hmmm, I can see why it wouldn't make sense - you definitely wouldn't
> > > want to use them in the grouping given there!
> > > 
> > > It is a combination of rules which "do things", as an example of how
> > > you would do them (if you wanted to) rather than a set of rules you
> > > would use in real life together.
> > 
> > Actually, what I meant was this:
> > 
> > # ipf -f -
> > pass in proto tcp 10.1.0.0/16 port = 23 10.2.0.0/16 flags A/A
> > unexpected keyword (10.1.0.0/16) - from
> > 
> > It doesn't get accepted, the syntax appears to be wrong. Right?
> > Or am I confused? (... and I thought I had left that behind me :-)
> 
> You're missing the "from" and "to".
> 
>  pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A

Yes, my point EXACTLY!  "My" rule, which is missing the "from" and "to",
was cut and pasted precisely as above from the example.10 I mentioned.
So, to get back to my original question,

> > > > Oh yeah, am I crazy or does example.10 simply not work? In which
> > > > case it should perhaps be removed? This added to the confusion.

I.e. the example that is distributed with the source is simply wrong,
by your own admission above. It's confusing for IP-Filter newbies such as
myself if the examples are wrong; it puts them on the wrong track.

So, may I humbly suggest that in the next tarball the example.10 is
either changed to be correct, or simply removed?


Paul Slootman
