Date: Wed, 8 Feb 2012 17:35:59 +0400
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Ermal Luçi <eri@FreeBSD.org>, freebsd-net <freebsd-net@FreeBSD.org>, freebsd-hackers@FreeBSD.org
Subject: Re: [PATCH] multiple instances of ipfw(4)
Message-ID: <20120208133559.GK13554@FreeBSD.org>
In-Reply-To: <20120131110204.GA95472@onelab2.iet.unipi.it>
References: <CAPBZQG32iyzkec4PG%2Bqay9bKfd0GiffKyRBapLkATKvHr7cVww@mail.gmail.com> <20120131110204.GA95472@onelab2.iet.unipi.it>

On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote:
L> if i understand what the patch does, i think it makes sense to be
L> able to hook ipfw instances to specific interfaces/sets of interfaces,
L> as it permits the writing of more readable rulesets. Right now the
L> workaround is start the ruleset with skipto rules matching on
L> interface names, and then use some discipline in "reserving" a range
L> of rule numbers to each interface.

This is definitely a desired feature, but it should be implemented
on level of pfil(9). However, that would still require multiple
instances of ipfw(4).

-- 
Totus tuus, Glebius.
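The skipto workaround mentioned in the quoted text, sketched as an added example (not part of the original message, the patch, or ipfw itself): a small Python generator that reserves a block of rule numbers per interface, emits the skipto dispatch rules, and closes each block so packets cannot fall through into the next interface's range. The interface names, the 1000-rule block size, the default-deny policy and the sample rule bodies are constructed assumptions.

```python
# Added example: emulate per-interface ipfw rulesets with skipto dispatch.
# Interface names, block size and sample rules are constructed assumptions.
BLOCK = 1000          # rule numbers reserved for each interface
DISPATCH_BASE = 100   # skipto dispatch rules sit below the first block
MAX_RULE = 65534      # 65535 is ipfw's built-in default rule


def build_ruleset(per_iface, step=10):
    """Return ipfw 'add' lines for a mapping {interface: [rule bodies]}."""
    dispatch, blocks = [], []
    for i, (iface, bodies) in enumerate(per_iface.items()):
        start = BLOCK * (i + 1)
        last = start + BLOCK - 1      # reserved for the block's terminal rule
        if last > MAX_RULE:
            raise ValueError(f"no rule numbers left for {iface}")
        if bodies and start + step * (len(bodies) - 1) >= last:
            raise ValueError(f"{iface}: rules overflow {start}-{last}")
        # Jump packets seen on this interface to its reserved range.
        dispatch.append(
            f"add {DISPATCH_BASE + i} skipto {start} ip from any to any via {iface}")
        for n, body in enumerate(bodies):
            blocks.append(f"add {start + n * step} {body}")
        # ipfw keeps evaluating higher-numbered rules when nothing matched,
        # so an unterminated block would leak into the next interface's rules.
        blocks.append(f"add {last} deny ip from any to any")
    # Assumed policy: drop traffic on interfaces that have no block at all,
    # otherwise it would run straight into the first interface's rules.
    dispatch.append(
        f"add {DISPATCH_BASE + len(per_iface)} deny ip from any to any")
    return dispatch + blocks


# Constructed sample input.
SAMPLE = {
    "em0": ["allow tcp from any to me 22 in", "allow ip from me to any out"],
    "em1": ["allow ip from 192.0.2.0/24 to any in"],
}

if __name__ == "__main__":
    for line in build_ruleset(SAMPLE):
        print(line)
```

The printed lines are in the form accepted by an ipfw rules file; review them before loading, since the default-deny dispatch rule also drops loopback traffic unless `lo0` is given its own block.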