Re: ipfw/ipf IP filtering thoughts
From: Antti Louko (alo_at_iki.fi.invalid)
Date: 11/30/03
- Previous message: Bruce M Simpson: "ifconfig(8) refactoring -- YACC grammar now online"
- In reply to: Volker Stolz: "Re: ipfw/ipf IP filtering thoughts"
- Next in thread: Richard Coleman: "Re: ipfw/ipf IP filtering thoughts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 30 Nov 2003 10:59:12 -0000
To: stolz@i2.informatik.rwth-aachen.de
You should be able to accomplish the same -- although in a more convoluted
way -- with ipf[w]. You might want to use a higher-level tool though instead
of writing all the rules by hand. Try using fwbuilder or code your own
abstraction which translates to ipfw rules.
ipfw, for example, doesn't have a call action. It only has a skipto action,
and the information about where the skipto came from is not available anymore.
I am trying to find out whether implementing the call action would be
sufficient, or whether it would be useful to also have several named search
lists like iptables has. Implementing just the call action and adding the
return stack in ipfw processing should be quite simple.
Fwbuilder of course helps in visualizing the filter, but it doesn't help if
one already has an application which creates filters and wants to
optimize the filter list search.
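The difference between skipto and a call action with a return stack, as an added example that is not part of the original message and is not ipfw code: a toy rule evaluator in C whose rule struct, action names and rule numbers are all assumptions made for illustration. Both constructed rule sets share a counting block at rule 1000; with skipto the block cannot get back to the per-protocol verdicts, with call it resumes at the rule after the call site.

```c
#include <stdio.h>
#include <stddef.h>
/* Toy model of a numbered, linear rule list. Hypothetical, not ipfw's real structures. */
enum action { ACCEPT, DENY, COUNT, SKIPTO, CALL, RETURN };
struct rule { int num; int proto; enum action act; int target; }; /* proto 0 = any */
#define STACK_MAX 16
#define N 7
/* Constructed rule sets, identical except for how the shared block at 1000 is entered. */
#define RULES(JUMP) { {100, 6, JUMP, 1000}, {110, 6, ACCEPT, 0}, \
    {200, 17, JUMP, 1000}, {210, 17, DENY, 0}, {900, 0, DENY, 0}, \
    {1000, 0, COUNT, 0}, {1010, 0, RETURN, 0} }
const struct rule with_skipto[N] = RULES(SKIPTO);
const struct rule with_call[N]   = RULES(CALL);

/* Index of the first rule numbered >= num (n if there is none). */
static size_t find_rule(const struct rule *r, size_t n, int num) {
    size_t i = 0;
    while (i < n && r[i].num < num) i++;
    return i;
}

/* Walk the list for one packet; returns ACCEPT or DENY, *hits = COUNT rules matched. */
enum action evaluate(const struct rule *r, size_t n, int proto, int *hits) {
    size_t stack[STACK_MAX], sp = 0, i = 0;
    *hits = 0;
    while (i < n) {
        const struct rule *cur = &r[i];
        if (cur->proto != 0 && cur->proto != proto) { i++; continue; }
        switch (cur->act) {
        case ACCEPT: case DENY: return cur->act;
        case COUNT:  (*hits)++; i++; break;
        case SKIPTO: case CALL:
            if (cur->target <= cur->num) return DENY;  /* forward jumps only */
            if (cur->act == CALL) {
                if (sp == STACK_MAX) return DENY;      /* fail closed on overflow */
                stack[sp++] = i + 1;                   /* remember where to resume */
            }
            i = find_rule(r, n, cur->target);          /* skipto keeps no origin */
            break;
        case RETURN: i = sp ? stack[--sp] : i + 1; break; /* no caller: fall through */
        }
    }
    return DENY;                                       /* end of list: default deny */
}

int main(void) {
    int h; const char *v[] = { "accept", "deny" };
    printf("skipto: tcp=%s udp=%s\n", v[evaluate(with_skipto, N, 6, &h)], v[evaluate(with_skipto, N, 17, &h)]);
    printf("call:   tcp=%s udp=%s\n", v[evaluate(with_call, N, 6, &h)], v[evaluate(with_call, N, 17, &h)]);
    return 0;
}
```

In the skipto variant the TCP packet runs off the end of the list and hits the default deny, so each caller's verdict would have to be duplicated after the shared block; the return stack removes that duplication.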