Date: Mon, 26 Feb 1996 15:34:06 -0600 (CST)
From: Joe Greco <jgreco@brasil.moneng.mei.com>
To: phk@critter.tfs.com (Poul-Henning Kamp)
Cc: hackers@freebsd.org
Subject: Re: IP filtering strawman, comments please.
Message-ID: <199602262134.PAA16026@brasil.moneng.mei.com>
In-Reply-To: <12238.825366315@critter.tfs.com> from "Poul-Henning Kamp" at Feb 26, 96 09:25:15 pm

Wow. That's all I have to say! That's very artsy.

"divert", what an excellent idea!!! "where a user-mode process can have fun with it"... I nearly split in two when I read that. Show me a Cisco that can automatically analyze and keep statistics about where dropped packets had been coming from!! That would be like an ultimate firewall.

I'm proud to be wearing my "Free The Berkeley 4.4" T-shirt today!!

Wait. One thing:

> Interface matches name
> Interface matches IP.

IF it is easy to do, "Interface matches type" (i.e. driver type, let's say you want to toss a filter on ALL "ppp" or "sl" devices).

I am thinking mainly about trying to easily implement a rule such as: "drop all routing packets coming in via SLIP" which might be mildly trickier to specify using more specific rules.

This would only be useful to the ISP community - where 16 or 32 SLIP lines is hardly unusual - but it WOULD be useful to them, if you can easily accomplish it. On the other hand, what you have outlined is very comprehensive as it stands, IMHO.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                         jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                     414/546-7968
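
Added example, not part of the original message or of the strawman it replies to: one way an "interface matches type" test could express "drop all routing packets coming in via SLIP" as a single rule. It assumes the driver type is the interface name with its unit number stripped and takes "routing packets" to mean RIP (UDP port 520); the struct and function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical packet summary and rule layout, for illustration only. */
struct pkt {
    const char *ifname;  /* receiving interface, e.g. "sl3" */
    uint8_t     proto;   /* IP protocol number */
    uint16_t    dport;   /* destination port */
};
struct rule {
    const char *iftype;  /* driver type, e.g. "sl"; NULL matches any */
    uint8_t     proto;   /* 0 matches any */
    uint16_t    dport;   /* 0 matches any */
    int         drop;    /* 1 = drop, 0 = accept */
};

/* Assumption: driver type = interface name minus its trailing unit digits. */
static int iftype_matches(const char *ifname, const char *iftype)
{
    size_t n = strlen(ifname);
    while (n > 0 && isdigit((unsigned char)ifname[n - 1]))
        n--;
    /* Need a unit number and an exact type match, so "sl" never hits "slx0". */
    return n > 0 && ifname[n] != '\0' &&
           strlen(iftype) == n && memcmp(ifname, iftype, n) == 0;
}

/* First matching rule wins; no match means accept (a choice made here). */
static int filter(const struct rule *rules, size_t nrules, const struct pkt *p)
{
    for (size_t i = 0; i < nrules; i++) {
        const struct rule *r = &rules[i];
        if (r->iftype && !iftype_matches(p->ifname, r->iftype)) continue;
        if (r->proto && r->proto != p->proto) continue;
        if (r->dport && r->dport != p->dport) continue;
        return r->drop;
    }
    return 0;
}

/* Constructed rule set: one rule covers every SLIP line, whatever its unit. */
static const struct rule slip_rules[] = { { "sl", 17, 520, 1 } };

int drop_on(const char *ifname, uint8_t proto, uint16_t dport)
{
    struct pkt p = { ifname, proto, dport };
    return filter(slip_rules, sizeof slip_rules / sizeof slip_rules[0], &p);
}
```

With name-only matching the same policy on a 32-line terminal server would take one rule per interface, each of which has to be kept in step as lines are added.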