Yann Berthier wrote:
Is there reasons to not implement conditionaly these checks (the strict and the loose mode) in the stack itself, in the same vein than say ithe blackhole or the drop_synfin checks ? Just curious - but uRPF filtering can be very handy, and i don't need full-fledged filtering on every machine.
Yes, after some work on the pf sources I realized that doing the uRPF work in ip_input.c and controlling it for example via sysctl of some kind would be cleaner - no dependency on packet filtering of any kind and functionality done once not splattered over few places. But I asked because my lack of time and experience in coding *BSD. I'm slowly moving on, but if someone has 15 minutes of his precious time free and can code it with closed eyes, surely we'd be grateful. -- this space was intentionally left blank | Łukasz Bromirski you can insert your favourite quote here | lukasz:bromirski,net _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
