From owner-freebsd-net@FreeBSD.ORG Thu Feb 12 00:42:24 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A92A106566B; Thu, 12 Feb 2009 00:42:24 +0000 (UTC) (envelope-from oberman@es.net) Received: from mailgw.es.net (mail1.es.net [IPv6:2001:400:201:1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 909148FC15; Thu, 12 Feb 2009 00:42:23 +0000 (UTC) (envelope-from oberman@es.net) Received: from postal1.es.net (postal3.es.net [198.128.3.207]) by mailgw.es.net (8.14.3/8.14.3) with ESMTP id n1C0gMXr020831 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 11 Feb 2009 16:42:22 -0800 Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by postal3.es.net (Postal Node 3) with ESMTP (SSL) id TCC29422; Wed, 11 Feb 2009 16:42:22 -0800 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id 028CF1CC0B; Wed, 11 Feb 2009 16:42:22 -0800 (PST) To: Raffaele De Lorenzo In-reply-to: Your message of "Wed, 11 Feb 2009 23:50:34 +0100." <48EED655-AD6F-4C37-8182-86715F417011@libero.it> Date: Wed, 11 Feb 2009 16:42:22 -0800 From: "Kevin Oberman" Message-Id: <20090212004222.028CF1CC0B@ptavv.es.net> X-SPF-Result: pass X-SPF-Record: v=spf1 mx a:mail1.es.net a:mail2.es.net a:mail3.es.net a:mail4.es.net a:mail.es.net a:mailgw.es.net a:postal1.es.net a:postal2.es.net a:postal3.es.net ~all X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.7400:2.4.4, 1.2.40, 4.0.166 definitions=2009-02-12_02:2009-02-10, 2009-02-12, 2009-02-11 signatures=0 Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: Support for IPv6 tables in ipfw? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2009 00:42:24 -0000 > From: Raffaele De Lorenzo > Date: Wed, 11 Feb 2009 23:50:34 +0100 > > Hi, > I developed with Luigi (as mentor) and Mariano Tortoriello the first > release of ipfw with ipv6 extension. If you and the FreeBSD Community > think that the tables functional is a good feature i can develop it > for IPv6 protocol. Tables are invaluable for several functions. The most important to me is the ability to create a 'block' list that can be easily updated from a program or script. With a table you just need: add 00500 unreach port ip from table 86 to any in your standard configuration and then a script can do: table 22 add 2001:400:14:23::45 to add a system to the list. To do it without tables means finding an available rule and inserting the rule in the main table. I can do it without tables, but it works much better with them. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751