Date:      Thu, 27 Dec 2018 18:38:51 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Willem Jan Withagen <wjw@digiware.nl>, Craig Leres <leres@freebsd.org>, Dave Cottlehuber <dch@skunkwerks.at>, freebsd-hackers@freebsd.org
Subject:   Re: rcorder for vpn-like tunnels during early rc.d startup
Message-ID:  <5C24B9CB.1070800@grosbein.net>
In-Reply-To: <f2d7e351-f895-5f9e-d4fd-d6db34ae5ba4@digiware.nl>
References:  <1545487265.3497867.1616158504.69E513B4@webmail.messagingengine.com> <f9a31f17-0e5f-265a-60ac-010e0c16bc22@grosbein.net> <b86faac8-9428-7935-6444-a9a1ac032250@freebsd.org> <8a8c6e8e-4781-9e03-36cf-b7974cb719bc@grosbein.net> <f2d7e351-f895-5f9e-d4fd-d6db34ae5ba4@digiware.nl>

On 27.12.2018 18:09, Willem Jan Withagen wrote:

> Might want to use the ifup/ifdown scripts to add the specifics for the 
> VPN that just came up. Tricky part is how to get things in the tables at 
> the right place.
> 
> So with IPFW I use specific line numbers reserved to insert certain 
> rules. (using counter rules to split the fw code into blocks)
> 
> But it sort of feels like going back in the 80's basic programming.

The current ipfw implementation allows you to use 'tun*' or a table containing interface names:

ipfw table NAME create type iface 
ipfw add 2000 allow ip from any to any via 'table(NAME)'

ipfw table NAME add tap0
ipfw table NAME add tun0

Note that you do not have to change the ruleset at all; you add or delete table records only.
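
An added example, not part of the original message and not FreeBSD project code: a hook that a VPN up/down event could call to maintain the interface table described above, so the ruleset itself is never edited. The table name vpn_ifaces, the "up|down <ifname>" calling convention, the script name and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original message. Assumed calling convention:
#   vpn-ipfw-table.sh up|down <ifname>     (script name is hypothetical)
# The ruleset keeps one static rule, as in the mail:
#   ipfw add 2000 allow ip from any to any via 'table(vpn_ifaces)'

IPFW=${IPFW:-/sbin/ipfw}            # overridable for dry runs
VPN_TABLE=${VPN_TABLE:-vpn_ifaces}  # assumed table name (NAME in the mail)

# Accept only tunN / tapN. A hook argument is outside input; anything else
# must never become a table entry that the allow rule would match.
valid_tunnel_if() {
    case "$1" in
        tun*|tap*) ;;
        *) return 1 ;;
    esac
    unit=${1#???}                   # text after the 3-letter driver name
    case "$unit" in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric unit
    esac
    return 0
}

vpn_table_update() {
    action=$1 ifname=$2
    if ! valid_tunnel_if "$ifname"; then
        echo "refusing interface name: $ifname" >&2
        return 2
    fi
    case "$action" in
        up)
            # Create the table on first use. A failure here normally means
            # it already exists; a real problem surfaces in the add below.
            "$IPFW" -q table "$VPN_TABLE" create type iface 2>/dev/null || true
            "$IPFW" -q table "$VPN_TABLE" add "$ifname"
            ;;
        down)
            "$IPFW" -q table "$VPN_TABLE" delete "$ifname"
            ;;
        *)
            echo "usage: up|down <ifname>" >&2
            return 64
            ;;
    esac
}

if [ "$#" -gt 0 ]; then
    vpn_table_update "$@"
fi
```

Setting IPFW=echo in the environment prints the ipfw commands instead of running them.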



