Date: Mon, 26 Feb 1996 22:36:35 -0800 From: Lyndon Nerenberg VE7TCP <lyndon@orthanc.com> To: Joe Greco <jgreco@brasil.moneng.mei.com> Cc: hackers@freebsd.org Subject: Re: IP filtering strawman, comments please. Message-ID: <199602270636.WAA11075@multivac.orthanc.com> In-Reply-To: Your message of "Mon, 26 Feb 1996 15:34:06 CST." <199602262134.PAA16026@brasil.moneng.mei.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Joe" == Joe Greco <jgreco@brasil.moneng.mei.com> writes:
>> Interface matches name Interface matches IP.
Joe> IF it is easy to do, "Interface matches type" (i.e. driver
Joe> type, let's say you want to toss a filter on ALL "ppp" or
Joe> "sl" devices).
Joe> "drop all routing packets coming in via SLIP"
I think what you really want (and what I would like to have) is a
"class" mechanism for grouping interfaces. E.g. I have several PPP
connections, some of which need full outside access, and some don't.
Keying off the link layer protocol isn't fine-grained enough for
my purposes. On the other hand, I don't want to see this get bogged
down in needless complexity.
All in all I like what I'm seeing. I hope to be able to provide a
more detailed response to the proposal tomorrow.
--lyndon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602270636.WAA11075>