Date: Wed, 9 Jul 2003 18:13:08 -0300
From: Diego Linke - GAMK <linke@calnet.com.br>
To: freebsd-ipfw@freebsd.org
Subject: I have four ideia for IPFW2
Message-ID: <20030709181308.573bacf4.linke@calnet.com.br>

I have four ideas for IPFW2 (features):

Idea 1) When using:

    ipfw add allow ip from any to me via xl0

it is equal to:

    ipfw add allow ip from any to { IP_xl0 or IP_xl1 or IP_rl0 or ... } via xl0

My idea is a keyword specific to each interface. Sample:

    ipfw add allow ip from any to me_xl0 via xl0

Idea 2) A keyword "net" :-) As we have the IP and netmask of each interface, it would be easy to get the net. Sample:

    ipfw add allow ip from any to net_xl0 via xl0

Idea 3) Logs with more information, such as tcpflags (syn, ack, fin, rst...), ipoptions, iplen, iptos, ipttl... This could be enabled by one keyword (e.g. logfull) in IPFW. Sample:

    ipfw add deny logfull ...

Or a sysctl variable :-)

Idea 4) When we execute:

    ipfw -qf flush

the dynamic rules are flushed. My idea is an option to define whether or not the dynamic rules are flushed. Example:

    ipfw -nqf flush

-n = Don't flush dynamic rules.

This would not erase the dynamic rules, only the static rules. As each dynamic rule is entailed to one static rule, these dynamic rules would be disentailed, however.

These are my ideas. Thanks for all :D

--
[ Diego Linke - GAMK ]
System/Network/Security Administrator
E-Mail/Site: gamk@gamk.com.br - http://www.gamk.com.br
Public Key: http://www.gamk.com.br/gamk.asc
Phone Number: (+5541) 9967-3464
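
Ideas 1 and 2 in the message above can be approximated from a script today; the following is an added example, not part of the original e-mail and not ipfw code. It parses FreeBSD-style `ifconfig` output and prints the rules a `me_xl0` / `net_xl0` keyword would stand for; the function names and sample addresses are constructed for illustration, and the script only prints rule text, it does not call ipfw.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig xl0` output; addresses are made up.
sample_ifconfig() {
    cat <<'EOF'
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.10.5 netmask 0xffffff00 broadcast 192.168.10.255
	inet 192.168.10.6 netmask 0xffffffff broadcast 192.168.10.6
EOF
}

# Print "address hexmask" for every IPv4 address in ifconfig output on stdin.
iface_addrs() {
    awk '$1 == "inet" && $3 == "netmask" { print $2, $4 }'
}

# to_cidr ADDR HEXMASK -> "network/prefixlen"; fails on a non-contiguous mask.
to_cidr() {
    mask=$(( $2 )); len=0
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & mask )); m=$mask
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        len=$(( len + 1 )); m=$(( (m << 1) & 0xffffffff ))
    done
    [ "$m" -eq 0 ] || return 1
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$len"
}

# me_rule IFACE: stand-in for "me_IFACE", an or-block of that interface's addresses.
me_rule() {
    addrs=$(iface_addrs | awk '{ printf "%s%s", (NR > 1 ? " or " : ""), $1 }')
    echo "ipfw add allow ip from any to { $addrs } via $1"
}

# net_rules IFACE: stand-in for "net_IFACE", one rule per attached network.
net_rules() {
    iface_addrs | while read -r addr mask; do
        # Host aliases (/32) have no network of their own; skip them.
        if [ "$mask" = 0xffffffff ]; then continue; fi
        cidr=$(to_cidr "$addr" "$mask") || continue
        echo "ipfw add allow ip from any to $cidr via $1"
    done
}

sample_ifconfig | me_rule xl0
sample_ifconfig | net_rules xl0
```

On a live host, replace `sample_ifconfig` with `ifconfig xl0` and regenerate the rules whenever the interface's addresses change, since the printed rules are a snapshot.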