From owner-cvs-all Tue Feb 13 6:12:43 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id C229F37B4EC; Tue, 13 Feb 2001 06:12:39 -0800 (PST)
Received: (from phk@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f1DECdZ12064;
	Tue, 13 Feb 2001 06:12:39 -0800 (PST)
	(envelope-from phk)
Message-Id: <200102131412.f1DECdZ12064@freefall.freebsd.org>
From: Poul-Henning Kamp
Date: Tue, 13 Feb 2001 06:12:37 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

phk         2001/02/13 06:12:37 PST

  Modified files:
    sys/netinet          ip_fw.c ip_fw.h
    sbin/ipfw            ipfw.8 ipfw.c
  Log:
  Introduce a new feature in IPFW: Check if the source or destination
  address is configured on an interface.  This is useful for routers with
  dynamic interfaces.  It is now possible to say:

          0100 allow tcp from any to any established
          0200 skipto 1000 tcp from any to any
          0300 allow ip from any to any
          1000 allow tcp from 1.2.3.4 to me 22
          1010 deny tcp from any to me 22
          1020 allow tcp from any to any

  and not have to worry about the behaviour if dynamic interfaces configure
  new IP numbers later on.

  The check is semi expensive (traverses the interface address list)
  so it should be protected as in the above example if high performance
  is a requirement.

  Revision  Changes    Path
  1.158     +13 -1     src/sys/netinet/ip_fw.c
  1.57      +5 -2      src/sys/netinet/ip_fw.h
  1.78      +15 -1     src/sbin/ipfw/ipfw.8
  1.99      +60 -41    src/sbin/ipfw/ipfw.c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
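
The six-rule example from the log message, as an added Python model that is not part of the commit and is not ipfw's code: it shows that `me` is resolved against the interface address list at match time, and that rules 0100 to 0300 keep established TCP and non-TCP traffic away from that traversal. Assumptions: the `Packet` and `Firewall` names, the `established` flag standing in for the TCP flag test, the default rule 65535 set to deny, and all addresses other than 1.2.3.4 (constructed documentation addresses).

```python
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0
    established: bool = False     # stands in for "RST or ACK set"

class Firewall:
    """Toy first-match evaluator for the six rules in the log message."""

    def __init__(self, iface_addrs):
        self.iface_addrs = list(iface_addrs)   # addresses configured right now
        self.me_checks = 0                     # times the address list was walked

    def is_me(self, addr):
        self.me_checks += 1                    # the "semi expensive" traversal
        return any(a == addr for a in self.iface_addrs)

    def rules(self):
        tcp = lambda p: p.proto == "tcp"
        to_me_22 = lambda p: tcp(p) and p.dport == 22 and self.is_me(p.dst)
        return [
            (100, "allow", None, lambda p: tcp(p) and p.established),
            (200, "skipto", 1000, tcp),
            (300, "allow", None, lambda p: True),
            (1000, "allow", None, lambda p: p.src == "1.2.3.4" and to_me_22(p)),
            (1010, "deny", None, to_me_22),
            (1020, "allow", None, tcp),
        ]

    def check(self, pkt):
        """Return (action, rule number) of the first terminating match."""
        floor = 0
        for num, action, target, match in self.rules():
            if num < floor or not match(pkt):
                continue
            if action == "skipto":
                floor = target                 # resume at first rule >= target
                continue
            return action, num
        return "deny", 65535                   # assumed default rule
```

Appending an address to `iface_addrs` after construction changes the verdict for port 22 traffic to that address without any rule being edited, which is the dynamic-interface case the log message describes.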