Date: Sun, 27 Sep 1998 20:11:39 +0200 From: Eivind Eklund <eivind@yes.no> To: Poul-Henning Kamp <phk@critter.freebsd.dk>, andrew@squiz.co.nz Cc: Heikki Suonsivu <hsu@clinet.fi>, freebsd-security@FreeBSD.ORG Subject: Re: ipfw Message-ID: <19980927201139.00803@follo.net> In-Reply-To: <11806.906905580@critter.freebsd.dk>; from Poul-Henning Kamp on Sun, Sep 27, 1998 at 04:13:00PM %2B0200 References: <Pine.BSF.3.96.980928011721.390K-100000@aniwa.sky> <11806.906905580@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 27, 1998 at 04:13:00PM +0200, Poul-Henning Kamp wrote: > A long time ago I suggested splitting the one list we have today into several > lists, specifically: > > * per interface input list > * per interface output list > * packet forwarding list > * ip_input() list > * ip_output() list > > Doing it would be simple, but people complained that configuring it would > be too complex. > > This would save a lot of time in complex filters. I don't think it would have to be complex to configure it - we could do this splitting automatically, based on what the users has configured and an 'ipfw finalize' or similar. Of course, I would rather have everything be explicit, but that has been shouted down when I suggested it, too. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980927201139.00803>