From owner-freebsd-current@FreeBSD.ORG Fri Oct 5 18:55:13 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8E58F16A419 for ; Fri, 5 Oct 2007 18:55:13 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outC.internet-mail-service.net (outC.internet-mail-service.net [216.240.47.226]) by mx1.freebsd.org (Postfix) with ESMTP id 6E8E213C458 for ; Fri, 5 Oct 2007 18:55:13 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP; Fri, 05 Oct 2007 11:55:12 -0700 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id 1BE5B1265A9; Fri, 5 Oct 2007 11:55:12 -0700 (PDT) Message-ID: <47068893.1080303@elischer.org> Date: Fri, 05 Oct 2007 11:55:15 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: Kevin Oberman References: <20071005183124.3619C4500E@ptavv.es.net> In-Reply-To: <20071005183124.3619C4500E@ptavv.es.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org Subject: Re: IPv6 support for tables in ipfw? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2007 18:55:13 -0000 Kevin Oberman wrote: >> Date: Fri, 05 Oct 2007 11:02:22 -0700 >> From: Julian Elischer >> >> Kevin Oberman wrote: >>> At this time the use of tables in ipfw is limited to IPv4. Is anyone >>> looking at adding IPv6 address capability? >> >> I am >> but it's not 'soon' on my list. > > I am on travel for a couple of weeks, so I may try and get a start on > this while at airports or on planes. > > Tables are very useful for allowing an IDS set up blocks on the > fly. Right now I am limited to a new rule for every block and that is > not very portable (since I don't want to step on existing rules) and > very messy since, except for the address, all of the rules are > identical. yeah, exactly.. "me too". > I'm using tables right now for V4, but I really need to have v6 support > soon. I'm just not real sure what 'soon' is. I hope it's different from > yours.