Date: Sun, 27 Sep 1998 16:13:00 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: andrew@squiz.co.nz Cc: Heikki Suonsivu <hsu@clinet.fi>, freebsd-security@FreeBSD.ORG Subject: Re: ipfw Message-ID: <11806.906905580@critter.freebsd.dk> In-Reply-To: Your message of "Mon, 28 Sep 1998 01:59:47 %2B1200." <Pine.BSF.3.96.980928011721.390K-100000@aniwa.sky>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.96.980928011721.390K-100000@aniwa.sky>, Andrew McNaughton writes: >On Sun, 27 Sep 1998, Heikki Suonsivu wrote: > >> Date: Sun, 27 Sep 1998 15:16:42 +0300 (EEST) >> From: Heikki Suonsivu <hsu@clinet.fi> >> To: freebsd-security@FreeBSD.ORG >> Subject: ipfw >> >> >> How much work would be to rewrite ipfw to have interface-specific lists >> instead of current global lists ? A long time ago I suggested splitting the one list we have today into several lists, specifically: * per interface input list * per interface output list * packet forwarding list * ip_input() list * ip_output() list Doing it would be simple, but people complained that configuring it would be too complex. This would save a lot of time in complex filters. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." "ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11806.906905580>