Matt Dawson wrote:
On Wednesday 06 Aug 2008, [EMAIL PROTECTED] wrote:
On Tuesday 05 August 2008 16:42:25 Max Laier wrote:
On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote:
Just a quick question: What would it take to have similar functionality
to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't
there (other than the fact that I haven't got my finger out and learnt
the neccessary to add it myself ;) )?
In FreeBSD 7 and above all three firewall packages included with FreeBSD
understand both IPv4 and IPv6. Read the ipfw(8) man page for details on
how to setup IPv6 rules.
Oh wait ... you asked something different. Yeah, that would be nice to
have. pf does it. If you need a reference.
I did notice pf had tables that can handle both v4 and v6. I hadn't thought of
reading pf's code to see how it's done, although pf's tables seem to handle
handle both versions (without looking at the code, just the manpage). I'm
now wondering which approach would be less resource-hungry: Adding a
separate "table6" structure or modifying tables to accept v6. The former, to
my mind, is more economical with large tables.
Thanks to you and Julian for the replies. Looks like I have some code and
things to read through.
I think I'd go for a single table structure, that only instantiates
the ipv4 or ipv6 table part of itself when you add anentry of that
type.. then when you do a compare, it only looks in the apropriate
half.. Since you always know which you have...
but it would be note to be able do a test against both types with one
ipfw rule.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
