Date:      Thu, 19 Sep 2002 11:07:07 +0300 (EEST)
From:      Adrian Penisoara <ady@freebsd.ady.ro>
To:        freebsd-net@freebsd.org
Cc:        freebsd-hackers@freebsd.org
Subject:   Desired feature: ipfw pass for routed IPs
Message-ID:  <Pine.BSF.4.10.10209191054220.82837-100000@ady.warpnet.ro>

Hi,

  When building anti-spoofing firewall rules on a routing server it
would be very helpful to have a way to tell ipfw (or other firewalling
mechanisms) to pass all packets whose source or destination IP has a
valid (static/daemon) routing entry in the kernel.

  Something maybe like:

    ipfw add allow ip from any to any routed static via xl0
    ipfw add deny ip from any to any via xl0

  The 'routed' keyword should accept route associated flags (like those
listed in route(8)). That would be a desired feature too, because some
routing daemons mark their routes in a different way (for example Zebra
brings up the RTF_PROTO1 flag on its routes).

  It's been said that iproute2 in the recent Linux kernels already
supports this, but I haven't checked it out closely.

  How hard would that be to implement?

 Thank you,
 Adrian Penisoara
 Ady (@freebsd.ady.ro)
____________________________________________________________________
| An age is called Dark not because the light fails to shine, but  |
| because people refuse to see it.                                 |
|               -- James Michener, "Space"                         |
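
A small model of the semantics the message asks for, as an added example that is not part of the original e-mail and is not ipfw code: a packet seen on xl0 is allowed when the best (longest-prefix) route for its source or destination carries the requested flags. The routing table is constructed sample data, the function names are hypothetical, and requiring the route to point out of the receiving interface is an assumption the message does not state.

```python
import ipaddress

# Constructed routing table in the style of `netstat -rn` (sample data).
# Flags: U up, G gateway, S static (RTF_STATIC), 1 RTF_PROTO1, C cloning.
ROUTES_TXT = """\
default        192.0.2.1   UGS  xl1
10.0.0.0/24    link#1      UC   xl0
10.1.0.0/16    10.0.0.2    UGS  xl0
10.2.0.0/16    10.0.0.3    UG1  xl0
"""

def parse_routes(text):
    """Turn the table into (network, flag set, interface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, _gw, flags, netif = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, set(flags), netif))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as a kernel route lookup would do."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def routed(routes, addr, need_flags, iface):
    """Hypothetical 'routed' test: best route carries every flag requested.
    Assumption: the route must also point out of `iface`; otherwise a static
    default route would make every address count as 'routed'."""
    r = lookup(routes, addr)
    return r is not None and set(need_flags) <= r[1] and r[2] == iface

def verdict(routes, src, dst, iface, need_flags="S"):
    """Model of the two proposed rules, both restricted to 'via xl0'."""
    if iface != "xl0":
        return "next rule"  # neither rule applies to other interfaces
    if routed(routes, src, need_flags, iface) or \
       routed(routes, dst, need_flags, iface):
        return "allow"      # ipfw add allow ip from any to any routed ...
    return "deny"           # ipfw add deny ip from any to any via xl0

ROUTES = parse_routes(ROUTES_TXT)
```

With the flag set to `S` only, the daemon-installed 10.2.0.0/16 route (flag `1`) and the directly connected 10.0.0.0/24 network do not match, which is why the message asks for the keyword to accept other route flags as well.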

