Date: Wed, 7 May 1997 12:40:50 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Cc: archie@whistle.com, hackers@FreeBSD.ORG
Subject: Re: divert still broken?
Message-ID: <199705070242.TAA25476@hub.freebsd.org>
In-Reply-To: <Pine.BSF.3.91.970507084130.4479r-100000@panda.hilink.com.au> from "Daniel O'Callaghan" at May 7, 97 08:51:15 am

In some mail from Daniel O'Callaghan, sie said:
>
> On Tue, 6 May 1997, Archie Cobbs wrote:
>
> > Proposal:
> >
> > deny : drop silently (same as before)
> > reject : send ICMP unreachable (same as before)
>
> [...good proposal snipped..]
>
> Looks great.
>
> > Anything else? :-)
>
> Can't think of anything, offhand. Other than splitting up the ipfw rule
> lists so there is a general list and a list per interface. Having
> interface lists would speed up searching for rules.

attaching them to "struct ifnet *" could be interesting (I looked at doing
this long ago but it wasn't "portable" enough to be worth my while).

increases the complexity of managing it all though. one list -> one way
it can be processed easy to check, easy to manage, easy to verify - in
one's head anyway.
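
The trade-off discussed in this message, as an added example that is not part of the original thread and not ipfw code: a single ordered list compared with a general list plus a per-interface list. The struct, function names, interface names and rule set are hypothetical and constructed for illustration; the split lookup examines fewer rules, but it only returns the same verdict as the single list when the two lists are interleaved by rule number.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical rule model for illustration; not the FreeBSD ipfw structures. */
struct rule {
    int number;          /* position in the single ordered list */
    const char *ifname;  /* NULL = rule applies to every interface */
    unsigned proto;      /* IP protocol number, 0 = any */
};

/* Constructed sample rule set, in evaluation order (first match wins). */
static const struct rule ruleset[] = {
    { 100, "ed0", 6  },  /* deny tcp via ed0 */
    { 200, NULL,  17 },  /* reject udp on any interface */
    { 300, "ed1", 0  },  /* allow everything via ed1 */
    { 400, NULL,  0  },  /* deny the rest */
};
enum { NRULES = sizeof ruleset / sizeof ruleset[0] };

static int hit(const struct rule *r, const char *ifname, unsigned proto)
{
    return (!r->ifname || strcmp(r->ifname, ifname) == 0) &&
           (!r->proto || r->proto == proto);
}

/* One list: returns the matching rule number, counts rules examined. */
int match_single(const char *ifname, unsigned proto, int *examined)
{
    for (*examined = 0; *examined < NRULES; ) {
        const struct rule *r = &ruleset[(*examined)++];
        if (hit(r, ifname, proto)) return r->number;
    }
    return -1;
}

/* General list + per-interface list. merge=1 interleaves by rule number;
 * merge=0 searches the interface list first, which reorders the policy. */
int match_split(const char *ifname, unsigned proto, int merge, int *examined)
{
    const struct rule *g[NRULES], *p[NRULES];
    size_t gn = 0, pn = 0, gi = 0, pi = 0;
    for (size_t i = 0; i < NRULES; i++) {
        if (!ruleset[i].ifname) g[gn++] = &ruleset[i];
        else if (strcmp(ruleset[i].ifname, ifname) == 0) p[pn++] = &ruleset[i];
    }
    for (*examined = 0; gi < gn || pi < pn; ) {
        int take_g = pi == pn || (merge && gi < gn && g[gi]->number < p[pi]->number);
        const struct rule *r = take_g ? g[gi++] : p[pi++];
        ++*examined;
        if (hit(r, ifname, proto)) return r->number;
    }
    return -1;
}
```

For a UDP packet on ed1, the single list and the merged split both stop at rule 200, while the interface-first walk stops at rule 300 and silently changes the verdict.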