Date: Fri, 5 Oct 2007 19:15:07 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Julian Elischer <julian@elischer.org> Cc: freebsd-current@freebsd.org Subject: Re: IPv6 support for tables in ipfw? Message-ID: <20071005191105.C6043@maildrop.int.zabbadoz.net> In-Reply-To: <47068893.1080303@elischer.org> References: <20071005183124.3619C4500E@ptavv.es.net> <47068893.1080303@elischer.org>
index | next in thread | previous in thread | raw e-mail
On Fri, 5 Oct 2007, Julian Elischer wrote: Hi, > Kevin Oberman wrote: >>> Date: Fri, 05 Oct 2007 11:02:22 -0700 >>> From: Julian Elischer <julian@elischer.org> >>> >>> Kevin Oberman wrote: >>>> At this time the use of tables in ipfw is limited to IPv4. Is anyone >>>> looking at adding IPv6 address capability? >>> >>> I am but it's not 'soon' on my list. >> >> I am on travel for a couple of weeks, so I may try and get a start on >> this while at airports or on planes. >> >> Tables are very useful for allowing an IDS set up blocks on the >> fly. Right now I am limited to a new rule for every block and that is >> not very portable (since I don't want to step on existing rules) and >> very messy since, except for the address, all of the rules are >> identical. > > yeah, exactly.. "me too". > >> I'm using tables right now for V4, but I really need to have v6 support >> soon. I'm just not real sure what 'soon' is. I hope it's different from >> yours. The question is: do we want to duplicate the table framework for IPv6 or have mixed tables with both v4 and v6 addresses? While I am thinking about performance for lookups etc. I am more worried about the userspace API which might change. That might be troublesome for the 7-tree. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071005191105.C6043>