Date: Mon, 10 May 1999 06:24:22 +0200 (MET DST) From: Luigi Rizzo <luigi@labinfo.iet.unipi.it> To: net@freebsd.org Subject: ipfw misc... Message-ID: <199905100424.GAA12226@labinfo.iet.unipi.it>
next in thread | raw e-mail | index | archive | help
Hi, i have been implementing some additional rules for ipfw to match ethernet header fields. For my purposes, that would mainly be used to block non-ip-related traffic (ie IP and ARP), but it might have some uses for those trying to limit traffic basing on the MAC address, or whatever. Is there any interest for bringing that into the main source tree ? Syntax would be something like ipfw add <action> ether from 12.34.56.78.90 to ... ipfw add <action> ether from type 0x800 to ... etc. On passing, i don't totally like the ipfw approach of deleting the packet in case of a deny rule. For bridging at least, this means we need to make an additional copy just for ipfw purposes (bridged packets may have multiple destinations). If there are no objections, i will move the deletion of the packet outside the ipfw_chk function, so that modules using the code can reuse the packet if they need to. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) http://www.iet.unipi.it/~luigi/ngc99/ ==== First International Workshop on Networked Group Communication ==== -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905100424.GAA12226>