From owner-freebsd-security  Fri Apr  9 16:28:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
	by hub.freebsd.org (Postfix) with SMTP
	id 27A031508D; Fri,  9 Apr 1999 16:28:20 -0700 (PDT)
	(envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id PAA00939; Fri, 9 Apr 1999 15:03:12 +0200
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199904091303.PAA00939@labinfo.iet.unipi.it>
Subject: Re: Ipfw related.
To: ru@ucb.crimea.ua (Ruslan Ermilov)
Date: Fri, 9 Apr 1999 15:03:12 +0200 (MET DST)
Cc: smelekov@vniigazmain.gazprom.ru, freebsd-security@freebsd.org,
	luigi@freebsd.org
In-Reply-To: <19990409141345.A31742@relay.ucb.crimea.ua> from "Ruslan Ermilov" at Apr 9, 99 02:13:26 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 493       
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Is there any other ways to deny packets in both sides (in and out)
> > by writing only one ipfw rule?
> > 
> 
> No, not yet.
> 
> Luigi had some plans (???) to implement ``between'' predicate,
> so you'd be able to write:
> 
> ipfw add xxxx deny ip between my.host.com and evil.host.com

unfortunately, just plans (or even precise ideas on how to implement
something, as in this case) without a strong need for a feature mean it
will be severely delayed by other things...

	cheers
	luigi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message