From owner-freebsd-net@freebsd.org  Sat Oct 10 09:31:41 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0FCB49D247D
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Sat, 10 Oct 2015 09:31:41 +0000 (UTC)
 (envelope-from archycho@gmail.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id E342C1325
 for <freebsd-net@freebsd.org>; Sat, 10 Oct 2015 09:31:40 +0000 (UTC)
 (envelope-from archycho@gmail.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id E25E39D247B; Sat, 10 Oct 2015 09:31:40 +0000 (UTC)
Delivered-To: net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1F719D247A
 for <net@mailman.ysv.freebsd.org>; Sat, 10 Oct 2015 09:31:40 +0000 (UTC)
 (envelope-from archycho@gmail.com)
Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com
 [IPv6:2607:f8b0:400e:c03::22c])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B48EF1324
 for <net@freebsd.org>; Sat, 10 Oct 2015 09:31:40 +0000 (UTC)
 (envelope-from archycho@gmail.com)
Received: by pablk4 with SMTP id lk4so109073415pab.3
 for <net@freebsd.org>; Sat, 10 Oct 2015 02:31:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=content-type:mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=3M+KLvcqv9bRDDLcoBrHXFBXHL94w6giFsgj49veEis=;
 b=JE+gYFu/QpF8BVTtUXvJWtGgN8qukTTY8gaknAA6CVI82FG4LPaqCkKhLPJhkc3tO6
 y0vIOVE2xJW+wxP0rbeQCO3cVDs6VptoCLfMpGExcWCbMUjI0AfdVyhJoPkJr42yLQej
 tfdfSZ2qwzwsifjcG8WU+N6bCbU9NVjm2SyAvIoUEOKY+sXtIBrlJ/Uj4zo0USz31t9m
 6bT8izMlUD/vw6mEb9M+oD0g2Z/vdT3tG6uZ1grWOhhKh+MzAa5C8GQ/+y3/ow8FFJJQ
 UeW1YRA+BKg5m6DxybbgI3FbK4kyyXuZtNZ12JbvpNRYaMoYBERQS+f1EipokakYczRY
 3rmg==
X-Received: by 10.66.55.66 with SMTP id q2mr21522090pap.89.1444469500377;
 Sat, 10 Oct 2015 02:31:40 -0700 (PDT)
Received: from [192.168.168.178] (183179028116.ctinets.com. [183.179.28.116])
 by smtp.gmail.com with ESMTPSA id
 w8sm3029251pbs.87.2015.10.10.02.31.39
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Sat, 10 Oct 2015 02:31:39 -0700 (PDT)
Content-Type: text/plain; charset=big5
Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3094\))
Subject: Re: Freebsd 10.2 amd64 netmap ipfw
From: Archy Cho <archycho@gmail.com>
In-Reply-To: <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com>
Date: Sat, 10 Oct 2015 17:31:37 +0800
Cc: net@freebsd.org,
 rizzo@iet.unipi.it
Content-Transfer-Encoding: quoted-printable
Message-Id: <2ED21620-6B73-4EBB-A532-7152E443B5A9@gmail.com>
References: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com>
 <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com>
To: Jim Thompson <jim@netgate.com>
X-Mailer: Apple Mail (2.3094)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Oct 2015 09:31:41 -0000

Dear Jim

Sorry , maybe my poor english.

My freebsd box have 4 interfaces , 2ix and 2igb .

I connect ssh via igb0.

What I am facing is , I have re-compiled kernel to have netmap.ko ,
a router box (just static routes ) with ix0 and ix1.=20

I compile the kipfw and run =A1=A7 ./kipfw netmap:ix0 netmap:ix1 =A1=A7 =
,=20
all connection with ix0 and ix1 will getting blocked ,=20
my ipfw rules is only one line =A1=A7 add 65534 pass ip from any to =
any=A1=A8 .

My question is , do netmap with ipfw could be used for a production =
filtering box ?

I google around and see someone was working but I could not get full =
documents for installation or testing.

Thanks for advise.

Archy Cho


> Jim Thompson <jim@netgate.com> =A9=F3 2015=A6~10=A4=EB10=A4=E9 =
=A4W=A4=C81:14 =BCg=B9D=A1G
>=20
>=20
>> On Oct 9, 2015, at 7:14 AM, Archy Cho <archycho@gmail.com> wrote:
>>=20
>> I think I must misunderstand something , could anyone send me advise?
>> Or any documents could help to build a NETMAP IPFW firewall box ?
>=20
> See the last several paragraphs of:=20
>=20
> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>=20
> Note that the "telnet localhost 5566" traffic generator hack mentioned =
in the README doesn't work without a recompile, but you won't need it =
for running real traffic.
>=20
> Jim
>=20