From owner-freebsd-current Sat Jan 8 1:29:21 2000 Delivered-To: freebsd-current@freebsd.org Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id 686E915246 for ; Sat, 8 Jan 2000 01:29:18 -0800 (PST) (envelope-from luigi@info.iet.unipi.it) Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id KAA09763; Sat, 8 Jan 2000 10:29:26 +0100 (CET) (envelope-from luigi) From: Luigi Rizzo Message-Id: <200001080929.KAA09763@info.iet.unipi.it> Subject: Re: ipfw optimizations In-Reply-To: <13115.947320959@critter.freebsd.dk> from Poul-Henning Kamp at "Jan 8, 2000 09:42:39 am" To: Poul-Henning Kamp Date: Sat, 8 Jan 2000 10:29:25 +0100 (CET) Cc: "Rodney W. Grimes" , Patrick Bihan-Faou , Harold Gutch , freebsd-current@FreeBSD.ORG, Nate Williams X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I think the general syntax would be if you could say "for one of my > own IP#" that would be very powerful: > > add allow tcp from any to me 22 > add deny tcp from any to not me 22 the 'me' thing is relatively simple to implement, it suffices to scan the list of IP associated with all interfaces. Can be time-consuming. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) Mobile +39-347-0373137 -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message