Date: Mon, 06 Sep 2010 17:26:18 -0300 From: Anderson Eduardo <listas@secover.com.br> To: Luigi Rizzo <rizzo@iet.unipi.it> Cc: freebsd-current@freebsd.org Subject: Re: Using ipfw table names instead of numbers. Message-ID: <4C854E6A.1030504@secover.com.br> In-Reply-To: <20100905155311.GA48095@onelab2.iet.unipi.it> References: <4C825094.5040204@secover.com.br> <20100905155311.GA48095@onelab2.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Em 5/9/2010 12:53, Luigi Rizzo escreveu: > On Sat, Sep 04, 2010 at 10:58:44AM -0300, Anderson Eduardo wrote: >> Hello developers, >> >> I use the ipfw firewall with many tables and, I would like of able to >> use it with name/alias instead of just numbers. >> >> E.g: >> >> lab# ipfw table 1 name lanetwork >> Setting table 1 to lanetwork >> lab# ipfw table lanetwork add 192.168.0.0/24 >> lab# ipfw table lanetwork list >> 192.168.0.0/24 0 >> lab# >> >> I think a good idea a patch to do that. > > if you have a patch feel free to post it. > the main issue is that internally, for efficiency reason, > the name must be translated to a number anyways, so before implementing > it one must decide where the name-number translation table is stored > and how it is managed > The same applies to any name vs. number issue in ipfw/dummynet > Service, protocol and host names solve these issues because there > is a well defined place for the translation table. But, for instance, > hostname mappings are static (translated at rule insertion time) > whereas one might want a more dynamic behaviour (e.g. refresh > whenever the DNS response expires). > > cheers > luigi Luigi, I did some changes just in user-land, I didn't touch in kernel. I will check if I can do that, I'm not a good developer. Thanks. --=20 Anderson Eduardo Diretor Geral Tel.: +55 (71) 3641-6450 Secover - Servi=E7os em Tecnologia e Seguran=E7a da Informa=E7=E3o http://www.secover.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C854E6A.1030504>