Date: Thu, 27 Dec 2018 21:16:53 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Willem Jan Withagen <wjw@digiware.nl>, Craig Leres <leres@freebsd.org>, Dave Cottlehuber <dch@skunkwerks.at>, freebsd-hackers@freebsd.org Subject: Re: rcorder for vpn-like tunnels during early rc.d startup Message-ID: <a971c256-bc25-8640-f47c-7b6d269a165a@grosbein.net> In-Reply-To: <003d8528-c72b-5861-8c7f-7032731408d5@digiware.nl> References: <1545487265.3497867.1616158504.69E513B4@webmail.messagingengine.com> <f9a31f17-0e5f-265a-60ac-010e0c16bc22@grosbein.net> <b86faac8-9428-7935-6444-a9a1ac032250@freebsd.org> <8a8c6e8e-4781-9e03-36cf-b7974cb719bc@grosbein.net> <f2d7e351-f895-5f9e-d4fd-d6db34ae5ba4@digiware.nl> <5C24B9CB.1070800@grosbein.net> <003d8528-c72b-5861-8c7f-7032731408d5@digiware.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
27.12.2018 19:31, Willem Jan Withagen wrote: >> Current ipfw implementation allows you to use 'tun*' or table containing interface names: >> >> ipfw table NAME create type iface >> ipfw add 2000 allow ip from any to any via 'table(NAME)' >> >> ipfw table NAME add tap0 >> ipfw table NAME add tun0 >> >> Note you do not have to change ruleset at all; you add or delete table records only. >> > Nice, > > I was wondering about this, if tables would work for that. > > That is fine if all your VPNs have the same rules, but if they have different properties and are in and outgoing you will want a bit more control over whats going on. > Hence my basic feeling.... :) You still can create several tables for different properties and process tables differently.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a971c256-bc25-8640-f47c-7b6d269a165a>