Given the following experiment:
# ipfw add 10 count dst-ip any
00010 count
# ipfw add 20 count not dst-ip any
00020 count
# ipfw show 1-100
00010 41 12728 count
00020 40 12624 count
Why do both rules appear the same in the list? I'm perfectly OK with the first rule being optimized down to simply "count", because the "dst-ip any" predicate is always true and can be dropped. But then, I would expect that "not dst-ip any" is always false, that is, it never matches any IP. So why does that second rule count anything? It looks like it counts the same packets as the first rule (the small discrepancy 41-40 is due to stray traffic between those two commands).