Date: Tue, 10 Oct 2000 10:09:26 -0400 (EDT)
From: Vivek Khera <khera@kciLink.com>
To: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: ipf vs. ipfw ?
Message-ID: <14819.8982.61823.868907@onceler.kciLink.com>
In-Reply-To: <20001009193445.T31338@speedy.gsinet>
References: <20001008224359.R31338@speedy.gsinet> <Pine.BSF.4.21.0010082235080.3908-100000@turtle.looksharp.net> <20001009193445.T31338@speedy.gsinet>

>>>>> "GS" == Gerhard Sittig <Gerhard.Sittig@gmx.net> writes:

GS> same mechanism -- just with ipfw behind the pipe!  And these
GS> substitutions maybe could get nested if needed like this:
GS>   REPEAT S1 $SRC : REPEAT S2 $DEST : pass ... from S1 to S2 ...
GS> if implemented in some intelligent way.  Has someone gotten
GS> behind the stage of thinking about this and actually started
GS> planning or implementing it?  I would be interested in different
GS> thoughts.

ipfw lets you pre-process a file using any arbitrary pre-processor.
It recommends cpp or m4, but who's to stop you from using perl?  Just
make your FW rule file be a perl program and run it thusly:

  ipfw -p /usr/bin/perl firewall.perl

and you're set.  Just make sure that the output of your firewall.perl
program is a valid set of firewall rules.

I guess the only trick would be figuring out how to pass flags to your
program.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-301-545-6996
GPG & MIME spoken here            http://www.khera.org/~vivek/
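
Added example, not part of the original message: a hypothetical firewall.perl that does the nested source/destination expansion asked about in the quoted text and prints ipfw rule lines. The address lists, ports, rule numbers and the valid_addr helper are constructed for illustration.

```perl
#!/usr/bin/perl
# firewall.perl: hypothetical rule generator (added example).
# Prints ipfw rule lines on stdout. Run `perl firewall.perl` to review
# the generated rules before loading them through `ipfw -p /usr/bin/perl`.
use strict;
use warnings;

# Constructed sample lists (RFC 5737 documentation addresses).
my @SRC       = qw(192.0.2.10 192.0.2.11 198.51.100.0/24);
my @DEST      = qw(203.0.113.5 203.0.113.6);
my @TCP_PORTS = (22, 443);

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a bad
# list entry can never become extra text inside a rule line.
sub valid_addr {
    my ($addr) = @_;
    my ($ip, $len) =
        $addr =~ m{\A([0-9]{1,3}(?:\.[0-9]{1,3}){3})(?:/([0-9]{1,2}))?\z}
        or return 0;
    return 0 if grep { $_ > 255 } split /\./, $ip;
    return 1 unless defined $len;
    return $len <= 32 ? 1 : 0;
}

# Validate everything first and build the ruleset in memory: on any error
# the script dies having printed nothing, never a partial ruleset.
for my $addr (@SRC, @DEST) {
    die "firewall.perl: bad address '$addr'\n" unless valid_addr($addr);
}
for my $port (@TCP_PORTS) {
    die "firewall.perl: bad port '$port'\n"
        unless $port =~ /\A[0-9]+\z/ && $port >= 1 && $port <= 65535;
}

my $num   = 1000;    # first rule number; assumed unused on this host
my @rules = ("add $num allow tcp from any to any established");

# The nested expansion: every source paired with every destination.
for my $src (@SRC) {
    for my $dst (@DEST) {
        for my $port (@TCP_PORTS) {
            $num += 10;
            push @rules, "add $num allow tcp from $src to $dst $port setup";
        }
    }
}
$num += 10;
push @rules, "add $num deny log tcp from any to any";

print "$_\n" for @rules;
```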