Date: Tue, 2 May 2000 08:13:37 +0200 (CEST)
From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: Archie Cobbs <archie@whistle.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ether matching in ipfw??
Message-ID: <200005020613.IAA48539@info.iet.unipi.it>
In-Reply-To: <200005012021.NAA93590@bubba.whistle.com> from Archie Cobbs at "May 1, 2000 01:21:43 pm"

> > HOWEVER: for the future re-inclusion I would be a strong advocate
> > of a unified firewall interface rather than separate things
> > (etherfw, ipfw). The reason is because at times one might want
> > to interleave rules matching ethernet headers, ip headers, tcp ...
> Yes, I think that's a good idea.
>
> Seems like a good approach would be to have separate per-layer
> filtering in the kernel implementation, with a nice intuitive
> unified userland view.

as long as one can intermix rules for different layers, which
is not immediately clear to me if we implement separate per-layer
filters (in the sense that there will still be the need of a unique
list of rules which span the separate filters, meaning we need a
unified kernel interface as well).

So I guess we should end up having (in the kernel)

	net_fw.c

and then

	ether_fw.c ip_fw.c ip6_fw.c ipx_fw.c ...

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message