Date: Mon, 1 May 2000 22:03:07 +0200 (CEST) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Archie Cobbs <archie@whistle.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: ether matching in ipfw?? Message-ID: <200005012003.WAA46626@info.iet.unipi.it> In-Reply-To: <200005011926.MAA93100@bubba.whistle.com> from Archie Cobbs at "May 1, 2000 12:26:00 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> In trying to clean up this bridging stuff, I just realized that > ip_fw_chk() contains code for matching Ethernet headers and > non IP packets! > > This hack is just too gross and I plan to rip it out. > Call me Danish if you like. yes it was a gross, and, especially, unfinished hack, and you are welcome to rip it out. I should have done it myself long ago. HOWEVER: for the future re-inclusion I would be a strong advocate of a unified firewall interface rather than separate things (etherfw, ipfw). The reason is because at times one might want to interleave rules matching ethernet headers, ip headers, tcp headers, and having separate filters does not support this. > Does the "ip" in "ipfw" not mean anything to anyone?? for what matters we are already matching TCP flags which are one layer above IP... cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) Mobile +39-347-0373137 -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005012003.WAA46626>