Date:      Thu, 1 Jul 2004 00:36:28 -0400
From:      James <haesu@towardex.com>
To:        sid@merlin.com.ua
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw add allow ip from @access_list1  to any in
Message-ID:  <20040701043628.GA96007@scylla.towardex.com>
In-Reply-To: <841905563.20040629185504@merlin.com.ua>
References:  <841905563.20040629185504@merlin.com.ua>

Hi Sid,

I haven't really had a chance to look at your actual code, but do want to let you
know that there is a recent table patch done by Ruslan Ermilov for IPFW2.
The tables patch so far works well (been using it on a couple of production boxes
running 4.9-STABLE), and it checks the packets against the list in a patricia
trie lookup, which is significantly faster than linear search for a firewall.

I am not sure how your @accesslist element is checked, but if it is searched in
a linear order, it's probably not going to be any different than matching using
{ a or b or c } braces, in terms of performance/efficiency.

-J

On Tue, Jun 29, 2004 at 06:55:04PM -0700, sid@merlin.com.ua wrote:
>   Hi,
>   for my own purposes I added some new features to ipfw2.
>   now here are patches for 5.1
>   Luigi had a look at them some time ago, but now..
>   if it looks interesting, get it and enjoy it for free
>   this is not a release, I still work on it.
>   and I wait for 5.3 to make complete patches for 5.3.
>   it will be a pleasure for me if this gets included in a release...
> 
>   read first:
>   ftp://merlin.com.ua/pub/FreeBSD/5.1/ipfw_sid/readme
>   
>   ftp://merlin.com.ua/pub/FreeBSD/5.1/ipfw_sid/*.tgz
> 
>   disclaimer:
>   who downloaded it, please make backups of your original files,
>   extract the patches in a new directory and look at them first.
>   if you are not sure what you are doing, do not do anything, please.
>   support of these features only if they get included in FreeBSD
>   and only via freebsd-hackers@freebsd.org
> 
>   it works like this:
>   
> ipnt add @MY_NET 192.168.0.0/16
> ipnt add @MY_NET 195.66.199.0/24
> ipnt add @MY_NET 62.16.9.0/24
> 
> ipfw add 350 pipe 350 ip from any to @MY_NET out
> 
> you can manipulate these lists without changing the firewall
> 
> ipnt del @MY_NET 0/0
> ipnt add @MY_NET 1.1.1.1
> 
> 
>   
>   sid_at_merlin.com.ua  
> 
> 
> 
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james@towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net
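
An added illustration of the lookup-cost point made in this reply; it is not code from the tables patch or from the ipfw_sid patches. It uses a simplified, uncompressed binary trie (a real patricia trie also collapses single-child paths), and the names trie_build, trie_match and linear_match are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct prefix { uint32_t addr; int len; };
struct node { struct node *child[2]; int member; };  /* member: a prefix ends here */
/* The @MY_NET entries from the quoted message, in host byte order. */
static const struct prefix MY_NET[] = {
    { IP(192,168,0,0), 16 }, { IP(195,66,199,0), 24 }, { IP(62,16,9,0), 24 } };

static struct node *trie_build(const struct prefix *list, int n) {
    struct node *root = calloc(1, sizeof(*root));
    if (root == NULL) abort();
    for (int i = 0; i < n; i++) {
        struct node *cur = root;
        for (int b = 0; b < list[i].len; b++) {   /* one node per prefix bit */
            struct node **next = &cur->child[(list[i].addr >> (31 - b)) & 1];
            if (*next == NULL && (*next = calloc(1, sizeof(**next))) == NULL) abort();
            cur = *next;
        }
        cur->member = 1;
    }
    return root;
}

/* Walks at most 32 bits, however many prefixes are stored; *steps = bits tested. */
static int trie_match(const struct node *n, uint32_t addr, int *steps) {
    for (*steps = 0; n != NULL; (*steps)++) {
        if (n->member) return 1;
        if (*steps == 32) break;
        n = n->child[(addr >> (31 - *steps)) & 1];
    }
    return 0;
}

/* Tests entries in order; *steps = entries compared, which grows with the list. */
static int linear_match(const struct prefix *list, int n, uint32_t addr, int *steps) {
    for (*steps = 0; *steps < n; ) {
        const struct prefix *p = &list[(*steps)++];
        uint32_t mask = p->len ? ~(uint32_t)0 << (32 - p->len) : 0;
        if ((addr & mask) == (p->addr & mask)) return 1;
    }
    return 0;
}

int main(void) {
    int t, l, hit = trie_match(trie_build(MY_NET, 3), IP(62,16,9,77), &t);
    hit &= linear_match(MY_NET, 3, IP(62,16,9,77), &l);
    printf("62.16.9.77 match=%d trie_steps=%d linear_steps=%d\n", hit, t, l);
}
```

With three entries the scan is short; the gap shows as the list grows, because the trie walk stays bounded at 32 bit tests while the scan compares every entry on a miss.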


