Re: Unified rc.firewall ipfw me/me6 issue

2010-01-19 Thread Willem Jan Withagen
Luigi Rizzo wrote: On Sun, Jan 17, 2010 at 12:04:43PM +0100, Luigi Rizzo wrote: On Sun, Jan 17, 2010 at 05:42:58PM +0900, Hajimu UMEMOTO wrote: Hi, On Sun, 10 Jan 2010 19:52:32 +0100 Luigi Rizzo said: While we are at it, might I suggest one more "nice" thing... For several of my projects

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-18 Thread Luigi Rizzo
On Sun, Jan 17, 2010 at 12:04:43PM +0100, Luigi Rizzo wrote: > On Sun, Jan 17, 2010 at 05:42:58PM +0900, Hajimu UMEMOTO wrote: > > Hi, > > > > > On Sun, 10 Jan 2010 19:52:32 +0100 > > > Luigi Rizzo said: > > > > rizzo> We only need one 'me' option that matches v4 and v6, because the > >

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-17 Thread Luigi Rizzo
On Sun, Jan 17, 2010 at 05:42:58PM +0900, Hajimu UMEMOTO wrote: > Hi, > > > On Sun, 10 Jan 2010 19:52:32 +0100 > > Luigi Rizzo said: > > rizzo> We only need one 'me' option that matches v4 and v6, because the > rizzo> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra > ri

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-17 Thread Hajimu UMEMOTO
Hi, > On Sun, 10 Jan 2010 19:52:32 +0100 > Luigi Rizzo said: rizzo> We only need one 'me' option that matches v4 and v6, because the rizzo> other two can be implemented as 'ip4 me' and 'ip6 me' at no extra rizzo> cost (the code for 'me' only scans the list corresponding to the rizzo> act

RE: Unified rc.firewall ipfw me/me6 issue

2010-01-10 Thread Li, Qing
> > We only need one 'me' option that matches v4 and v6, because the > other two can be implemented as 'ip4 me' and 'ip6 me' at no extra > cost (the code for 'me' only scans the list corresponding to the > actual address family of the packet). I would actually vote for > removing the 'me6' microi

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-10 Thread Luigi Rizzo
On Mon, Jan 11, 2010 at 03:27:13AM +0900, Hajimu UMEMOTO wrote: > Hi, > > > On Sat, 2 Jan 2010 20:36:45 -0500 > > David Horn said: > > > dhorn2000> Yes, "me" matching either ipv4/ipv6 would certainly simplify the > > default > > dhorn2000> rc.firewall flow. > > > > Here is my proposed p

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-10 Thread Hajimu UMEMOTO
Hi, > On Sat, 2 Jan 2010 20:36:45 -0500 > David Horn said: > dhorn2000> Yes, "me" matching either ipv4/ipv6 would certainly simplify the > default > dhorn2000> rc.firewall flow. > > Here is my proposed patch.  With this patch, 'me' matches to both IPv4 > and IPv6, and 'me4' is added for

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-09 Thread Hajimu UMEMOTO
Hi, > On Sat, 2 Jan 2010 20:36:45 -0500 > David Horn said: dhorn2000> On a separate note, you may want to consider adding an explicit dhorn2000> "allow" in the default rc.firewall to support dhcpv6-client requests. dhorn2000> (at least in client case, but potentially workstation as well)

Re: Unified rc.firewall ipfw me/me6 issue

2010-01-02 Thread David Horn
On Fri, Dec 18, 2009 at 10:45 AM, Hajimu UMEMOTO wrote: > Hi, > >> On Fri, 18 Dec 2009 09:12:48 -0500 >> David Horn said: > > dhorn2000> The updated patch works, but doing a check for [ $ipv6_available > -eq 0 ] > dhorn2000> might be more appropriate than checking "net6" or "inet6" > va

Re: Unified rc.firewall ipfw me/me6 issue

2009-12-18 Thread Hajimu UMEMOTO
Hi, > On Fri, 18 Dec 2009 09:12:48 -0500 > David Horn said: dhorn2000> The updated patch works, but doing a check for [ $ipv6_available -eq 0 ] dhorn2000> might be more appropriate than checking "net6" or "inet6" variables in these dhorn2000> no INET6 cases since neither net6 nor inet6

Re: Unified rc.firewall ipfw me/me6 issue

2009-12-18 Thread David Horn
On Thu, Dec 17, 2009 at 3:36 AM, Hajimu UMEMOTO wrote: > Hi, > > > On Thu, 17 Dec 2009 02:20:47 -0500 > > David Horn said: > > dhorn2000> Thanks for working on rc.firewall, as the old scenario of > dueling > dhorn2000> rc.firewall/rc.firewall6 was not easily used in the default > configu

Re: Unified rc.firewall ipfw me/me6 issue

2009-12-17 Thread Freddie Cash
On Thu, Dec 17, 2009 at 3:45 PM, Max Laier wrote: > On Thursday 17 December 2009 08:20:47 David Horn wrote: > > Thanks for working on rc.firewall, as the old scenario of dueling > > rc.firewall/rc.firewall6 was not easily used in the default > configurations > > when running dual stack. The new

Re: Unified rc.firewall ipfw me/me6 issue

2009-12-17 Thread Max Laier
On Thursday 17 December 2009 08:20:47 David Horn wrote: > Hajimu -- > > Thanks for working on rc.firewall, as the old scenario of dueling > rc.firewall/rc.firewall6 was not easily used in the default configurations > when running dual stack. The new rc.firewall has some very decent sane > default

Re: Unified rc.firewall ipfw me/me6 issue

2009-12-17 Thread Hajimu UMEMOTO
Hi, > On Thu, 17 Dec 2009 02:20:47 -0500 > David Horn said: dhorn2000> Thanks for working on rc.firewall, as the old scenario of dueling dhorn2000> rc.firewall/rc.firewall6 was not easily used in the default configurations dhorn2000> when running dual stack. The new rc.firewall has som

Unified rc.firewall ipfw me/me6 issue

2009-12-16 Thread David Horn
Hajimu -- Thanks for working on rc.firewall, as the old scenario of dueling rc.firewall/rc.firewall6 was not easily used in the default configurations when running dual stack. The new rc.firewall has some very decent sane defaults. My testing so far has been concentrated on firewall_type="client"