From owner-freebsd-current  Mon Jun 10 13: 7:18 2002
Delivered-To: freebsd-current@freebsd.org
Received: from femme.listmistress.org (bgp01560565bgs.gambrl01.md.comcast.net [68.50.32.109])
	by hub.freebsd.org (Postfix) with ESMTP
	id D821437B401; Mon, 10 Jun 2002 13:07:08 -0700 (PDT)
Received: from femme.listmistress.org (trish@localhost [127.0.0.1])
	by femme.listmistress.org (8.12.3/8.12.1) with ESMTP id g5AK71cC000620;
	Mon, 10 Jun 2002 16:07:07 -0400 (EDT)
Received: from localhost (trish@localhost)
	by femme.listmistress.org (8.12.3/8.12.3/Submit) with ESMTP id g5AK6wmw000617;
	Mon, 10 Jun 2002 16:07:00 -0400 (EDT)
X-Authentication-Warning: femme.listmistress.org: trish owned process doing -bs
Date: Mon, 10 Jun 2002 16:06:53 -0400 (EDT)
From: Trish Lynch <trish@bsdunix.net>
X-X-Sender:  <trish@femme.listmistress.org>
To: Luigi Rizzo <rizzo@icir.org>
Cc: "Vladimir B.  Grebenschikov" <vova@sw.ru>, <ipfw@FreeBSD.ORG>,
	"current@freebsd.org" <current@FreeBSD.ORG>
Subject: Re: New ipfw code available
In-Reply-To: <20020610024726.A54631@iguana.icir.org>
Message-ID: <20020610160123.B450-100000@femme.listmistress.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Mon, 10 Jun 2002, Luigi Rizzo wrote:

> On Mon, Jun 10, 2002 at 12:47:40PM +0400, Vladimir B.  Grebenschikov wrote:
> ...
> > And what about radix-tree-based ip-list matching ?
>
> yes, it is planned.
>
> 	cheers
> 	luigi
> >
> >  	ipfw add 1 allow ip from {1.2.3.0/24,1.3.5.0/24,17.2.3.4/45,11.2.3.4/30}
> > or
> > 	cat mylist | ipfw list add mylist -
> > 	ipfw add 1 allow ip from @mylist
> >
> > or something like
> >
> > If you deal with large access-lists ipfw becomes not best tool due to
> > linear comparison.

Luigi, gave this a try, and dummynet and my current rulesets except for
one worked fine...

I tried to add a divert rule, and it kept telling me it was an invalid
port for divert/tee.

I went back to the original code... just because I happen to be using natd
:)

After this is fixed, I'll install again and play with the new features :)

-Trish


--
Trish Lynch					trish@bsdunix.net
FreeBSD						The Power to Serve
Ecartis Core Team				trish@listmistress.org
                   http://www.freebsd.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message