Date: Thu, 26 Jun 2003 19:14:36 -0700
To: Julian Elischer <julian@elischer.org>
Julian Elischer wrote:
> I'm not sure I understand why not just tell ipfw to count all packets
> that an ISP is likely to charge for and have the tables 'reaped every
> now and then by a daemon to give a time dimension to the data..
That was my thought, though the OP isn't using ipfw, and I'm
woefully ignorant (and mostly uninterested) in ipfilter.
You could just as your ISP for access to the SNMP MIB that they're
using to bill you.
Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags.... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ... (freebsd-current)
Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags.... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ... (freebsd-isp)
Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags.... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ... (freebsd-net)
FreeBSD Security Advisory: FreeBSD-SA-01:08.ipfw [REVISED] ... included in FreeBSD 4.0 and above. ... based on an old version of ipfw and does not contain as many features. ... Due to overloading of the TCP reserved flags field,... incorrectly treat all TCP packets with the ECE flag set as being part ... (FreeBSD-Security)
Re: port 80 is open ... The firewall drops all packets initiated... > internet the ISP router does not send the unreachable message. ... and then close the connection as your IP is seen as not connected. ... (comp.security.firewalls)
