Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 02 Jan 2006 00:14:40 +0100
From:      =?ISO-8859-2?Q?=A3ukasz_Bromirski?= <lbromirski@mr0vka.eu.org>
To:        freebsd-pf@freebsd.org
Subject:   Re: [feature] ipfw verrevpath/versrcreach?
Message-ID:  <43B86260.3070209@mr0vka.eu.org>
In-Reply-To: <20060101193909.GK826@bashibuzuk.net>
References:  <20051227084823.28384.qmail@web32611.mail.mud.yahoo.com>	<20051227122546.GE81@insomnia.benzedrine.cx>	<43B5C7E1.8060400@mr0vka.eu.org>	<20060101175800.GP42629@FreeBSD.org> <20060101193909.GK826@bashibuzuk.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Yann Berthier wrote:

>    Is there reasons to not implement conditionaly these checks (the
>    strict and the loose mode) in the stack itself, in the same vein than
>    say ithe blackhole or the drop_synfin checks ? Just curious - but
>    uRPF filtering can be very handy, and i don't need full-fledged
>    filtering on every machine.

Yes, after some work on the pf sources I realized that doing the
uRPF work in ip_input.c and controlling it for example via sysctl of
some kind would be cleaner - no dependency on packet filtering of any
kind and functionality done once not splattered over few places.

But I asked because my lack of time and experience in coding *BSD.
I'm slowly moving on, but if someone has 15 minutes of his precious
time free and can code it with closed eyes, surely we'd be grateful.

-- 
this space was intentionally left blank    |            Łukasz Bromirski
you can insert your favourite quote here   |        lukasz:bromirski,net



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43B86260.3070209>