Date: Wed, 15 Jan 1997 22:46:15 -0500 From: "Louis A. Mamakos" <louie@TransSys.COM> To: Poul-Henning Kamp <phk@critter.dk.tfs.com> Cc: Joe Greco <jgreco@solaria.sol.net>, ejs@bfd.com (Eric J. Schwertfeger), nate@mt.sri.com, current@freebsd.org Subject: Re: ipfw cannot do this... Message-ID: <199701160346.WAA11638@whizzo.transsys.com> In-Reply-To: Your message of "Wed, 15 Jan 1997 21:36:56 %2B0100." <28389.853360616@critter.dk.tfs.com> References: <28389.853360616@critter.dk.tfs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> This is the point where a firewall module using the bpf engine becomes > interesting, and the task more or less changes to one of compiler- > writing... I've done this in a user-mode SLIP implementation on another processor, and it's quite handy and too difficult to do. It turns out that the "compiler" already exists - you can fairly easily extract the one in tcpdump(1) and bend it to your will. Once you've done this in a general purpose way, you could put it in into a dial-on-demand PPP implemenatation have very fine-grained control over what sort of packets are allowed to bring an on-demand PPP link up, and what sort of packets will serve to keep the link from timing out due to inactivity. louie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701160346.WAA11638>