Date: Tue, 27 Feb 1996 13:51:02 +0100
From: Poul-Henning Kamp <phk@critter.tfs.com>
To: Joe Greco <jgreco@brasil.moneng.mei.com>
Cc: hackers@freebsd.org
Subject: Re: IP filtering strawman, comments please.
Message-ID: <13784.825425462@critter.tfs.com>
In-Reply-To: Your message of "Mon, 26 Feb 1996 15:34:06 CST." <199602262134.PAA16026@brasil.moneng.mei.com>

> Wow. That's all I have to say! That's very artsy. "divert", what an
> excellent idea!!! "where a user-mode process can have fun with it"... I
> nearly split in two when I read that. Show me a Cisco that can
> automatically analyze and keep statistics about where dropped packets had
> been coming from!! That would be like an ultimate firewall.
>
> I'm proud to be wearing my "Free The Berkeley 4.4" T-shirt today!!
>
> Wait. One thing:
>
> > Interface matches name
> > Interface matches IP.
>
> IF it is easy to do, "Interface matches type" (i.e. driver type, let's say
> you want to toss a filter on ALL "ppp" or "sl" devices).
>
> I am thinking mainly about trying to easily implement a rule such as:
>
> "drop all routing packets coming in via SLIP"

I have thought about this, I can see a couple of (non-exclusive) solutions:

	... via ppp*
		interpreted as if_name must be ppp[0-9][0-9]*
		(for any value of ppp of course, ed* sl* tun* ...)

	... via P2P
		interpreted as if_flags must have POINTTOPOINT set.

> which might be mildly trickier to specify using more specific rules. This
> would only be useful to the ISP community - where 16 or 32 SLIP lines is
> hardly unusual - but it WOULD be useful to them, if you can easily
> accomplish it.
>
> On the other hand, what you have outlined is very comprehensive as it
> stands, IMHO.

Thanks!

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
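
Added example, not part of the original message and not FreeBSD code: a sketch of the two "via" interpretations proposed above, with a driver wildcard requiring the prefix plus one or more unit digits and "P2P" testing the interface flags. The function name via_matches() and the exact-name fallback are assumptions; IFF_POINTOPOINT is the flag as spelled in <net/if.h>.

```c
#include <ctype.h>
#include <string.h>
#include <net/if.h>	/* IFF_POINTOPOINT */

#ifndef IFF_POINTOPOINT
#define IFF_POINTOPOINT 0x10
#endif

/*
 * via_matches() is a hypothetical helper for illustration.
 *   spec "P2P"   interface flags must include IFF_POINTOPOINT
 *   spec "ppp*"  name must be "ppp" followed by one or more digits
 *   spec "ed0"   exact interface name (assumed fallback)
 * Returns 1 on match, 0 otherwise.
 */
int
via_matches(const char *spec, const char *if_name, int if_flags)
{
	size_t len = strlen(spec);
	const char *p;

	if (strcmp(spec, "P2P") == 0)
		return (if_flags & IFF_POINTOPOINT) != 0;

	if (len < 2 || spec[len - 1] != '*')
		return strcmp(spec, if_name) == 0;

	/* Driver wildcard: compare the prefix, then accept digits only. */
	if (strncmp(spec, if_name, len - 1) != 0)
		return 0;
	p = if_name + (len - 1);
	if (*p == '\0')
		return 0;		/* "ppp" alone has no unit number */
	for (; *p != '\0'; p++)
		if (!isdigit((unsigned char)*p))
			return 0;	/* "pppoe0" is not a ppp unit */
	return 1;
}
```

Requiring digits after the prefix keeps a rule written for "ppp*" from silently applying to a differently named driver that merely shares the prefix.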