I was just having a quick peek at how ipfw works in FreeBSD-4 for IPv6,
to see what's required for IP-Filter (hoping for a clean interface)
and the response is "sigh". The old ipfw mechanism needs to be
abandoned, IMHO.
For those that aren't aware, pfil(9) in NetBSD used to provide two
lists fo
> I was just having a quick peek at how ipfw works in FreeBSD-4 for IPv6,
> to see what's required for IP-Filter (hoping for a clean interface)
> and the response is "sigh". The old ipfw mechanism needs to be
> abandoned, IMHO.
can you comment a bit more ? I am a bit unclear on what
exactly is t
In some mail from Luigi Rizzo, sie said:
>
> > I was just having a quick peek at how ipfw works in FreeBSD-4 for IPv6,
> > to see what's required for IP-Filter (hoping for a clean interface)
> > and the response is "sigh". The old ipfw mechanism needs to be
> > abandoned, IMHO.
>
> can you comm
> > The issue of one vs. multiple lists (per direction, interface,
> > protocol, you name it) has been discussed some time ago. For sure
> > multiple lists are a (minor, given that we can start the ipfw lists
> > with a few of "skipto") performance improvement over a single one,
> > at the possib
In some mail from Luigi Rizzo, sie said:
>
> > > The issue of one vs. multiple lists (per direction, interface,
> > > protocol, you name it) has been discussed some time ago. For sure
> > > multiple lists are a (minor, given that we can start the ipfw lists
> > > with a few of "skipto") performa
> Changing routing information is not a problem. For starters,
> with inbound packets, there is none.
for outbound there is, and one of the biggest problems i had
with dummynet (as an example) was that some code passed
around route structures held in the stack, so you couldn't just keep
a refere
In some mail from Luigi Rizzo, sie said:
>
> > Changing routing information is not a problem. For starters,
> > with inbound packets, there is none.
>
> for outbound there is, and one of the biggest problems i had
> with dummynet (as an example) was that some code passed
> around route structur
On Sat, 19 Feb 2000, Luigi Rizzo wrote:
> > If you look at how linux's iptables works, there are separate modules
> > for each of ip, tcp, udp, icmp, etc. A packet is filtered by calling
> > the appropriate filter routine for that protocol. In comparison to
> > ipfw which does all its port chec
8 matches
Mail list logo
