Re: Support for IPv6 tables in ipfw?
> From: Raffaele De Lorenzo > Date: Wed, 11 Feb 2009 23:50:34 +0100 > > Hi, > I developed with Luigi (as mentor) and Mariano Tortoriello the first > release of ipfw with ipv6 extension. If you and the FreeBSD Community > think that the tables functional is a good feature i can develop it > for IPv6 protocol. Tables are invaluable for several functions. The most important to me is the ability to create a 'block' list that can be easily updated from a program or script. With a table you just need: add 00500 unreach port ip from table 86 to any in your standard configuration and then a script can do: table 22 add 2001:400:14:23::45 to add a system to the list. To do it without tables means finding an available rule and inserting the rule in the main table. I can do it without tables, but it works much better with them. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: Support for IPv6 tables in ipfw?
Hi, I developed with Luigi (as mentor) and Mariano Tortoriello the first release of ipfw with ipv6 extension. If you and the FreeBSD Community think that the tables functional is a good feature i can develop it for IPv6 protocol. Ciao Raffaele On 11/feb/09, at 23:34, Kevin Oberman wrote: With all of Luigi's excellent work on ipfw, I'd like to request that someone familiar with the code look at implementing support for tables for IPv6. While the IPv6 support in IPFW is generally a bit less mature than IPv4, the one functional thing that is completely missing is tables. Having them would make my life quite a bit easier. It's the one thing that I have been unable to work around in my dual-stack firewalls. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
IPFW performance on SMP (vs. PF)
Hi, I'll have to implement a packet filter on machines with several cores (4 to 8). Which one of the available filters (IPFW, IPF, PF) will provide the best performance on such SMP machines? I heard that PF doesn't support SMP hardware very well -- is that true? Will IPFW be better? Thanks for any insights. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
