Date: Tue, 27 Feb 1996 08:26:48 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: phk@critter.tfs.com (Poul-Henning Kamp) Cc: hackers@freebsd.org Subject: Re: IP filtering strawman, comments please. Message-ID: <199602271426.IAA17168@brasil.moneng.mei.com> In-Reply-To: <13784.825425462@critter.tfs.com> from "Poul-Henning Kamp" at Feb 27, 96 01:51:02 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Wait. One thing: > > > > > Interface matches name > > > Interface matches IP. > > > > IF it is easy to do, "Interface matches type" (i.e. driver type, let's say > > you want to toss a filter on ALL "ppp" or "sl" devices). > > > > I am thinking mainly about trying to easily implement a rule such as: > > > > "drop all routing packets coming in via SLIP" > > I have thought about this, I can see a couple of (non-exclusive) solutions: > > ... via ppp* > interpreted as if_name must be ppp[0-9][0-9]* (for any value > of ppp of course, ed* sl* tun* ...) > > ... via P2P > interpreted as if_flags must have POINTTOPOINT set. My personal preference would still be for the former. I use PPP for dynamic links, but SLIP for 24/7 connections particularly if there's extra routing that needs to happen. That of course could be considered a personality quirk :-) I have definite ideas about how things should work. ;-) Either is probably quite acceptable, and it is clear that one can get by with neither as well. > > which might be mildly trickier to specify using more specific rules. This > > would only be useful to the ISP community - where 16 or 32 SLIP lines is > > hardly unusual - but it WOULD be useful to them, if you can easily > > accomplish it. > > > > On the other hand, what you have outlined is very comprehensive as it > > stands, IMHO. > > Thanks! No, thank YOU. :-) ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/546-7968
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602271426.IAA17168>