> Two questions...
> First, what "bad thing" can happen when I don't reboot?
When you don't reboot after adding new entries, you could have a mixup
of ruleno between your client and the allowed-ip-address getting nasty
(client login not working) results only in the following conditions:
Everytime the system ruleno wraps and you have allowed-ip-address in
there (you even don't have to add new ones), but you will need to have
lots of sessions (9899 to be precise/+depending on the rulen0 you had
when adding a new one ;) )
Everytime the system ruleno wraps and you have ADDED a new
allowed-ip-address without rebooting. (depending on the rulen0 you had
when adding a new one)
Not anymore ;) (even the situation: old user fw ruleno 10001 still
logged-in after wrap shouldn't give any problems anymore)
I am going to fix this in a good way for the 1.23 (or whatever number)
release by verifying if the specified rulen0 already is in use and using
the first free next number.
> I can't think how
> many times I do this quick during the day to solve a problem (usually
> browser) and could not reboot.
Will happen only after at least 9899 sessions
> Second, what is the symptom of a wrap? I think I actually had one in
> wield the other day. It was a hotel I have behind m0n0wall running
> since the day of release without a reboot. Between 10 - 50 users a
> Suddenly no one could log in to the CP but the old allowed IPs were
> It was a busy time, so I had to reboot after very little
> and it worked fine.
You get firewall collision with the above effect. (IIRC the new rule
won't be added because there already exists an old one)
> One comment...
> If there was some way to reorder the table without login off everyone,
> would be good. I can not log people off in production, and often need
> add ip addresses.
I know, thats why I will fix it for +=1.23
I'm surprised almost nobody noticed it. University networks certainly
would have this issue with lots of users logging in on daily basis.