Date: Sun, 30 Nov 2003 09:52:11 +0100
From: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
To: Antti Louko <alo@iki.fi>
Cc: hackers@freebsd.org
Subject: Re: ipfw/ipf IP filtering thoughts
Message-ID: <20031130085211.GA14925@i2.informatik.rwth-aachen.de>
In-Reply-To: <20031130065310.29349.qmail@alo.louko.com>
References: <20031130065310.29349.qmail@alo.louko.com>

In local.freebsd-hackers, you wrote:
> In ipchains and iptables you have a sequential list of rules, very
> much like in ipfw and ipf, but you can have several different lists
> which have symbolic names and you can make calls from lists to other
> lists based on normal packet criteria. If the list is exhausted, the
> scan returns to the previous list.

You should be able to accomplish the same -- although in a more
convoluted way -- with ipf[w]. You might want to use a higher-level
tool though instead of writing all the rules by hand. Try using
fwbuilder or code your own abstraction which translates to ipfw rules.

Volker
-- 
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
rage against the finite state machine
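
One way to code the kind of abstraction the message above suggests, as an added example that is not part of the original e-mail and is not fwbuilder's method: named chains are expanded inline into numbered ipfw rules, relying on `skipto` skipping forward to its target rule number, so falling off the end of a chain body continues with the caller's next rule. The chain names, match strings, addresses and the BASE/STEP numbering are constructed assumptions.

```python
"""Expand iptables-style named chains into a flat, numbered ipfw ruleset."""
BASE, STEP = 1000, 10            # assumed numbering scheme for generated rules
ANY = "ip from any to any"


def expand(chains, name, out, stack=()):
    """Append the rules of chain `name` to `out`, inlining every call.

    A call becomes two forward jumps followed by the callee's body:
      skipto <body>  <match>   packets matching the call criteria enter the body
      skipto <after> ANY       all other packets jump over the body
    A packet that matches nothing in the body falls through to <after>,
    which is the "return to the previous list" behaviour.
    """
    if name in stack:            # inlining cannot terminate on recursion
        raise ValueError("recursive chain call: " + " -> ".join(stack + (name,)))
    for action, match in chains[name]:
        if action.startswith("call "):
            enter = len(out)
            out += [None, None]  # placeholders, patched once the body size is known
            expand(chains, action.split()[1], out, stack + (name,))
            out[enter] = ("skipto", enter + 2, match)
            out[enter + 1] = ("skipto", len(out), ANY)
        else:
            out.append((action, None, match))
    return out


def to_ipfw(chains, entry="main"):
    """Return the ipfw command lines for the ruleset rooted at `entry`."""
    lines = []
    for i, (action, target, match) in enumerate(expand(chains, entry, [])):
        if target is not None:   # resolve list index to an ipfw rule number
            action = f"{action} {BASE + target * STEP}"
        lines.append(f"ipfw add {BASE + i * STEP} {action} {match}")
    return lines


# Constructed sample policy: SSH is allowed only from two sources; anything
# the "ssh" chain does not accept returns to "main" and hits the final deny.
CHAINS = {
    "main": [("allow", "ip from any to any via lo0"),
             ("call ssh", "tcp from any to me 22"),
             ("deny", ANY)],
    "ssh": [("allow", "tcp from 192.0.2.0/24 to me 22"),
            ("allow", "tcp from 198.51.100.7 to me 22")],
}

if __name__ == "__main__":
    print("\n".join(to_ipfw(CHAINS)))
```

A chain called from several places is duplicated at each call site, which is the cost of emulating call/return with forward-only jumps.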