From owner-freebsd-security  Sun Sep 27 11:12:17 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA23451
          for freebsd-security-outgoing; Sun, 27 Sep 1998 11:12:17 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA23437
          for <freebsd-security@FreeBSD.ORG>; Sun, 27 Sep 1998 11:12:10 -0700 (PDT)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id UAA07194;
	Sun, 27 Sep 1998 20:11:42 +0200 (CEST)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id UAA20349;
	Sun, 27 Sep 1998 20:11:40 +0200 (MET DST)
Message-ID: <19980927201139.00803@follo.net>
Date: Sun, 27 Sep 1998 20:11:39 +0200
From: Eivind Eklund <eivind@yes.no>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>, andrew@squiz.co.nz
Cc: Heikki Suonsivu <hsu@clinet.fi>, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw
References: <Pine.BSF.3.96.980928011721.390K-100000@aniwa.sky> <11806.906905580@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <11806.906905580@critter.freebsd.dk>; from Poul-Henning Kamp on Sun, Sep 27, 1998 at 04:13:00PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Sep 27, 1998 at 04:13:00PM +0200, Poul-Henning Kamp wrote:
> A long time ago I suggested splitting the one list we have today into several
> lists, specifically:
> 
> 	* per interface input list
> 	* per interface output list
> 	* packet forwarding list 
> 	* ip_input() list
> 	* ip_output() list
> 
> Doing it would be simple, but people complained that configuring it would
> be too complex.
> 
> This would save a lot of time in complex filters.

I don't think it would have to be complex to configure it - we could
do this splitting automatically, based on what the users has
configured and an 'ipfw finalize' or similar.

Of course, I would rather have everything be explicit, but that has
been shouted down when I suggested it, too.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message