Date:      Tue, 27 Feb 1996 11:43:14 -0500
From:      dennis@etinc.com (dennis)
To:        hackers@freebsd.org
Cc:        Poul-Henning Kamp <phk@critter.tfs.com>
Subject:   Re: IP filtering strawman, comments please.
Message-ID:  <199602271643.LAA03003@etinc.com>

>Wow.  That's all I have to say!  That's very artsy.  "divert", what an
>excellent idea!!!  "where a user-mode process can have fun with it"...  I
>nearly split in two when I read that.  Show me a Cisco that can
>automatically analyze and keep statistics about where dropped packets had
>been coming from!!  That would be like an ultimate firewall.
>
>I'm proud to be wearing my "Free The Berkeley 4.4" T-shirt today!!
>
>Wait.  One thing:
>
>> 	Interface matches name
>> 	Interface matches IP.
>
>IF it is easy to do, "Interface matches type" (i.e. driver type, let's say
>you want to toss a filter on ALL "ppp" or "sl" devices).
>
>I am thinking mainly about trying to easily implement a rule such as:
>
>"drop all routing packets coming in via SLIP"
>
>which might be mildly trickier to specify using more specific rules.  This
>would only be useful to the ISP community - where 16 or 32 SLIP lines is
>hardly unusual - but it WOULD be useful to them, if you can easily 
>accomplish it.
>
>On the other hand, what you have outlined is very comprehensive as it
>stands, IMHO.
>
>... Joe

Our latest stuff does something similar to this on a serial line basis.
It's pretty nice...it isolates the filtering overhead, allows you to set
different rules for different interfaces, counts and can optionally log
info about traffic as well. It's mainly implemented as a priority system
but a priority of "discard" has the obvious effect.

info at www.etinc.com/bsddata.htm#ABM

dennis
----------------------------------------------------------------------------
Emerging Technologies, Inc.      http://www.etinc.com

Synchronous Communications Cards and Routers For
Discriminating Tastes. 56k to T1 and beyond. Frame
Relay, PPP, HDLC, and X.25 for BSD/OS, FreeBSD 
and LINUX
