From owner-freebsd-hackers Mon Feb 26 22:42:19 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA03404 for hackers-outgoing; Mon, 26 Feb 1996 22:42:19 -0800 (PST)
Received: from multivac.orthanc.com (root@multivac.orthanc.com [206.12.238.2]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id WAA03072 for ; Mon, 26 Feb 1996 22:39:52 -0800 (PST)
Received: from localhost (lyndon@localhost) by multivac.orthanc.com (8.7.3/8.7.3) with SMTP id WAA11075; Mon, 26 Feb 1996 22:36:36 -0800 (PST)
Message-Id: <199602270636.WAA11075@multivac.orthanc.com>
X-Authentication-Warning: multivac.orthanc.com: Host lyndon@localhost didn't use HELO protocol
From: Lyndon Nerenberg VE7TCP
To: Joe Greco
cc: hackers@freebsd.org
Subject: Re: IP filtering strawman, comments please.
In-reply-to: Your message of "Mon, 26 Feb 1996 15:34:06 CST." <199602262134.PAA16026@brasil.moneng.mei.com>
Date: Mon, 26 Feb 1996 22:36:35 -0800
Sender: owner-hackers@freebsd.org
Precedence: bulk

>>>>> "Joe" == Joe Greco writes:

    >> Interface matches name Interface matches IP.

    Joe> IF it is easy to do, "Interface matches type" (i.e. driver
    Joe> type, let's say you want to toss a filter on ALL "ppp" or
    Joe> "sl" devices).

    Joe> "drop all routing packets coming in via SLIP"

I think what you really want (and what I would like to have) is a "class" mechanism for grouping interfaces. E.g. I have several PPP connections, some of which need full outside access, and some don't. Keying off the link layer protocol isn't fine-grained enough for my purposes.

On the other hand, I don't want to see this get bogged down in needless complexity.

All in all I like what I'm seeing. I hope to be able to provide a more detailed response to the proposal tomorrow.

--lyndon