Date: Mon, 13 Feb 2012 12:31:17 +0200
From: Maxim Ignatenko <gelraen.ua@gmail.com>
To: freebsd-net@freebsd.org
Subject: userfw - modular packet filter
Message-ID: <CABWTX-a1UciLVhU%2Bw7egQB=5gk4=iA1Dk2aXxP0EB_20iP3M5g@mail.gmail.com>
Dear -net,

Today I want to present a new packet filter for FreeBSD: userfw. Its main design goal is to be easily extensible.

Source code is here:
http://git.userfw.net/
https://github.com/gelraen/userfw/

Dedicated website: http://userfw.net/

userfw's packet processing is, much like ipfw's, based on the idea of a ruleset as a list of rules that are checked sequentially, performing some actions if a packet matches the rule. Each rule consists of a rule number, a rule action and a rule condition (match). But unlike in ipfw, an action is not just a single keyword with one argument, and a match is not a list of options. Instead, it implements something like a tree structure: each match and action can have many arguments of different types: numbers, strings, addresses and even other actions and matches. Even basic logical operations are implemented as matches that take one (not) or two (and, or) matches as arguments.

Now there is only a small number of operations implemented, but it already includes support for dummynet and ipfw tables.

I hope to release userfw-0.1 soon, and I'll be glad if someone else joins my work on userfw.
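The rule layout described in the message above (rule number, action, and a match whose arguments can be other matches, with and/or/not themselves being matches) can be shown as a small tree evaluator. This is an added example, not userfw's code and not part of the original message; every type and function name, the first-match-wins traversal and the default-deny fallback are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* All names below are hypothetical; none of this is userfw's API. */
enum op { M_AND, M_OR, M_NOT, M_PROTO, M_DPORT };
enum action { A_DENY, A_ALLOW };
struct pkt { uint8_t proto; uint16_t dport; };  /* constructed packet summary */
struct match {                   /* a match whose arguments may be other matches */
    enum op op;
    uint32_t num;                /* numeric argument for leaf matches */
    const struct match *a, *b;   /* sub-match arguments for and/or/not */
};
struct rule { uint16_t number; enum action action; const struct match *m; };

/* Recursively evaluate a match tree; a missing sub-match never matches. */
static int match_eval(const struct match *m, const struct pkt *p)
{
    if (m == NULL) return 0;
    switch (m->op) {
    case M_AND:   return match_eval(m->a, p) && match_eval(m->b, p);
    case M_OR:    return match_eval(m->a, p) || match_eval(m->b, p);
    case M_NOT:   return m->a != NULL && !match_eval(m->a, p);
    case M_PROTO: return p->proto == m->num;
    case M_DPORT: return p->dport == m->num;
    }
    return 0;
}

/* Check rules in order; first match decides (assumed), no match denies (assumed). */
static enum action ruleset_check(const struct rule *r, size_t n, const struct pkt *p)
{
    for (size_t i = 0; i < n; i++)
        if (match_eval(r[i].m, p))
            return r[i].action;
    return A_DENY;
}

/* Constructed ruleset: 100 allow tcp and (dport 22 or dport 443); 200 deny not udp */
static const struct match tcp = { M_PROTO, 6, NULL, NULL }, udp = { M_PROTO, 17, NULL, NULL };
static const struct match p22 = { M_DPORT, 22, NULL, NULL }, p443 = { M_DPORT, 443, NULL, NULL };
static const struct match ports = { M_OR, 0, &p22, &p443 }, not_udp = { M_NOT, 0, &udp, NULL };
static const struct match tcp_ports = { M_AND, 0, &tcp, &ports };
static const struct rule rules[] = { { 100, A_ALLOW, &tcp_ports }, { 200, A_DENY, &not_udp } };

static enum action check(uint8_t proto, uint16_t dport)
{
    struct pkt p = { proto, dport };
    return ruleset_check(rules, sizeof(rules) / sizeof(rules[0]), &p);
}
int main(void) { return check(6, 443) == A_ALLOW ? 0 : 1; }
```

Treating a `not` with a missing argument as a non-match keeps a malformed rule from silently matching every packet.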