Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 30 Nov 2003 09:52:11 +0100
From:      Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
To:        Antti Louko <alo@iki.fi>
Cc:        hackers@freebsd.org
Subject:   Re: ipfw/ipf IP filtering thoughts
Message-ID:  <20031130085211.GA14925@i2.informatik.rwth-aachen.de>
In-Reply-To: <20031130065310.29349.qmail@alo.louko.com>
References:  <20031130065310.29349.qmail@alo.louko.com>

next in thread | previous in thread | raw e-mail | index | archive | help
In local.freebsd-hackers, you wrote:
> In ipchains and iptables you have a sequential list of rules, very
> much like in ipfw and ipf, but you can have several different lists
> which have symbolic names and you can make calls from lists to other
> lists based on normal packet criteria.  If the list is exchausted, the
> scan returns to the previous list. 

You should be able to accomplish the same -- although in a more convoluted
way -- with ipf[w]. You might want to use a higher-level tool though instead
of writing all the rules by hand. Try using fwbuilder or code your own ab-
straction which translates to ipfw rules. 

Volker
-- 
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
rage against the finite state machine 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031130085211.GA14925>