ipfw/ipf IP filtering thoughts

From: Antti Louko (alo_at_iki.fi.invalid)
Date: 11/30/03

  • Next message: Volker Stolz: "Re: ipfw/ipf IP filtering thoughts" 
    Date: 30 Nov 2003 06:53:10 -0000
To: freebsd-hackers@freebsd.org

    Generally, I like the (Free)BSD way of doing things. But the IP
    filtering modules available for FreeBSD lack one feature when compared
    to Linux way (ipchains and iptables).

    In ipchains and iptables you have a sequential list of rules, very
    much like in ipfw and ipf, but you can have several different lists
    which have symbolic names and you can make calls from lists to other
    lists based on normal packet criteria. If the list is exchausted, the
    scan returns to the previous list. This makes it possible to make
    filtering decisions much more efficient in complex situation. You can
    for example scan a certain list only for eg. packets going to for
    example port 25 and so on. In FreeBSD, you don't have this
    "subroutine call" feature at all and you are limited to only one
    sequential list with a "goto".

    Any ideas how to proceed. I think this would be really needed and
    widely used if available.
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

  • Next message: Volker Stolz: "Re: ipfw/ipf IP filtering thoughts"

    Relevant Pages

    • Re: Exposing contained types.. Especially LISTS
      ... and beyond containing list of Feature Groups, ... groups from the Test Product... ... to just have these lists of Feature Groups floating out there in my ...
      (comp.object)
    • Re: ACCESS LIST BOX SCROLL LOCK
      ... Some of us don't like "standard" Windows control UI/Appearance, ... >> change in feature from the current version. ... >> This feature would be useful for applications where larger lists of ... >> compare similar items before proceeding with their final selection. ...
      (microsoft.public.access.forms)
    • Re: From release notes for FC5T3 (web)
      ... things like shift select or whatever functionality that makes it easier to select multiple checkboxes at the same time in the interface would be a good compromise if this is not possible already but I have noted that this particular feature hasnt been requested in bugzilla yet AFAIK. ... I used battle on public lists over MS vs. Linux and battles were similar on outcome. ... The installer would still not handle easier installation or a more complete installation of what is available from the install media. ...
      (Fedora)
    • Re: How do I exclude a word from always capitalized words?
      ... Spelling and Grammar and check your autocorrect lists as well ... My suspicion is that this capitalization feature ... always be capitalized' feature in the Microsoft Help or on their web site. ...
      (microsoft.public.word.docmanagement)
    • Re: General question about Python design goals
      ... Why is it a feature if I cannot count ... Tuples and lists really are intended to serve two fundamentally different ... that other languages also make this distinction (more clearly than Python.) ... of a tuple is as a heterogenous sequence. ...
      (comp.lang.python)