From owner-freebsd-net@FreeBSD.ORG Thu Apr 7 10:12:03 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4E7581065673 for ; Thu, 7 Apr 2011 10:12:03 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 1602B8FC18 for ; Thu, 7 Apr 2011 10:12:02 +0000 (UTC) Received: by iwn33 with SMTP id 33so2760283iwn.13 for ; Thu, 07 Apr 2011 03:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=QOBSlQxAiK9+48q4ydpKVPv6WaXGz98Woq/zzHmWIos=; b=GynfGgDxm6b9oIwqNcDsd5NXxNT8uWkJn/Xt5SjkSMJDQvTyd0Y7/WU7XSHQdlwXRa h5uc/Utz2q1MScb3JmzLIc7dZBVU5mo6kKH37/iCkMZSRON7NCGDTq2H00BTlWL6IFOk c3imqiXrPMqGwnAws67iOOsNQWKYEukSVpQ/k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=HUZB2s7Du3OiYzEO66wZIWEfvjO8lPsYFot6s1QmyCz/xhLWvJtZYnNhzkc50oq/Jt Gkg1hGGHndRGcW+9LYYHIGYxdUENrzqgDYftWOiHCJdMERoCGjaXvWAFYv1nHxuml1zc aj2G71MCdCfUMpKW36EJp4KgHIgt+RO0siiF8= MIME-Version: 1.0 Received: by 10.231.16.9 with SMTP id m9mr717305iba.9.1302171122560; Thu, 07 Apr 2011 03:12:02 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.231.160.75 with HTTP; Thu, 7 Apr 2011 03:12:02 -0700 (PDT) In-Reply-To: References: Date: Thu, 7 Apr 2011 12:12:02 +0200 X-Google-Sender-Auth: CHWF9b1JvYeXP9vj30opt_fDqvg Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Quentin Narvor Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-net@freebsd.org, nicolas.greneche@univ-orleans.fr Subject: Re: [PATCH] New feature in Packet Filter X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2011 10:12:03 -0000 On Thu, Apr 7, 2011 at 10:21 AM, Quentin Narvor wrote: > Hello, > > My name is Quentin Narvor and I am currently working on intrusion detection. > I use Freebsd 8.2 and I recently needed pf to be able to dynamically fill in > tables according pass rule. > > For performances reasons, I didn't want to do it with a script and pfctl. > Then, with the help of Mr Nicolas Greneche, I made this patch named "add". > It enables pf to add src ip or dst ip in a table when a match occurs on a > pass rule. > I cannot see, apart collecting ips in tables, anything else that cannot be done through pf(4) tags! Can you please describe a use case for this patch? > I submit this patch to your attention. Is this feature is of interest to be > added in PF mainstream ? > > You will find the patch and its documentation in attachment. > Let me know if you think that some modifications are needed. > > Best regards, > > Quentin Narvor > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -- Ermal