From owner-freebsd-net@FreeBSD.ORG  Wed Feb  8 13:36:01 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A421C106564A;
	Wed,  8 Feb 2012 13:36:01 +0000 (UTC)
	(envelope-from glebius@FreeBSD.org)
Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117])
	by mx1.freebsd.org (Postfix) with ESMTP id 2161C8FC0C;
	Wed,  8 Feb 2012 13:36:00 +0000 (UTC)
Received: from cell.glebius.int.ru (localhost [127.0.0.1])
	by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18Da0G3023112;
	Wed, 8 Feb 2012 17:36:00 +0400 (MSK)
	(envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost)
	by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18DZx4R023109;
	Wed, 8 Feb 2012 17:35:59 +0400 (MSK)
	(envelope-from glebius@FreeBSD.org)
X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to
	glebius@FreeBSD.org using -f
Date: Wed, 8 Feb 2012 17:35:59 +0400
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Luigi Rizzo <rizzo@iet.unipi.it>
Message-ID: <20120208133559.GK13554@FreeBSD.org>
References: <CAPBZQG32iyzkec4PG+qay9bKfd0GiffKyRBapLkATKvHr7cVww@mail.gmail.com>
	<20120131110204.GA95472@onelab2.iet.unipi.it>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <20120131110204.GA95472@onelab2.iet.unipi.it>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Ermal Lu?i <eri@FreeBSD.org>, freebsd-net <freebsd-net@FreeBSD.org>,
	freebsd-hackers@FreeBSD.org
Subject: Re: [PATCH] multiple instances of ipfw(4)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 13:36:01 -0000

On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote:
L> if i understand what the patch does, i think it makes sense to be
L> able to hook ipfw instances to specific interfaces/sets of interfaces,
L> as it permits the writing of more readable rulesets. Right now the
L> workaround is start the ruleset with skipto rules matching on
L> interface names, and then use some discipline in "reserving" a range
L> of rule numbers to each interface.

This is definitely a desired feature, but it should be implemented
on level of pfil(9). However, that would still require multiple
instances of ipfw(4).

-- 
Totus tuus, Glebius.