Date: Sat, 6 Mar 2004 16:05:23 -0500
From: James
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, James
Subject: Re: My planned work on networking stack
Message-ID: <20040306210523.GA10214@scylla.towardex.com>

Thank you! :) I'll try this sometime next week and let you know of any
feedback I have.

-J

>
> Here you go:
>
>  http://www.nrg4u.com/freebsd/ipfw_versrcreach.diff
>
> This one implements the standard functionality, the definition of an
> interface through which it has to be reachable is not (yet) supported.
>
> Using this option only makes sense when you don't have a default route
> which naturally always matches. So this is useful for machines acting
> as routers with a default-free view of the entire Internet as common
> when running a BGP daemon (Zebra/Quagga or OpenBSD bgpd).
>
> One useful way of enabling it globally on a router looks like this:
>
>  ipfw add xxxx deny ip from any to any not versrcreach
>
> or for an individual interface only:
>
>  ipfw add xxxx deny ip from any to any not versrcreach recv fxp0
>
> I'd like to get some feedback (and a man page draft) before I commit it
> to -CURRENT.
>
> --
> Andre

--
James Jun                                   TowardEX Technologies, Inc.
Technical Lead               Network Design, Consulting, IT Outsourcing
james@towardex.com         Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867  web: http://www.towardex.com , noc: www.twdx.net
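
A model of the source-reachability check described in the quoted message, added here as an illustration; it is not code from the thread or from ipfw_versrcreach.diff. It shows why the rule only filters on a default-free table. The routing tables, packets and function names are constructed, and packets on interfaces the rule does not name are assumed to pass.

```python
"""Model of 'deny ip from any to any not versrcreach [recv IFACE]'.

Constructed example: routes and packets use documentation prefixes.
"""
import ipaddress


def lookup(src, routes):
    """Longest-prefix match of src in routes; None when no route covers it."""
    addr = ipaddress.ip_address(src)
    covering = [n for n in map(ipaddress.ip_network, routes) if addr in n]
    return max(covering, key=lambda n: n.prefixlen, default=None)


def versrcreach(src, routes):
    """True when the routing table holds any route back to the source."""
    return lookup(src, routes) is not None


def verdict(pkt, routes, recv=None):
    """Apply the deny rule globally, or only to packets received on recv."""
    if recv is not None and pkt["recv"] != recv:
        return "pass"  # rule does not apply; later rules assumed to pass
    return "pass" if versrcreach(pkt["src"], routes) else "deny"


def run(packets, routes, recv=None):
    return [(p["src"], p["recv"], verdict(p, routes, recv)) for p in packets]


# Constructed tables: a default-free view, and the same view plus a default.
DEFAULT_FREE = ["192.0.2.0/24", "198.51.100.0/24"]
WITH_DEFAULT = DEFAULT_FREE + ["0.0.0.0/0"]

# Constructed packets: one routed source, one unrouted source on two ports.
PACKETS = [
    {"src": "192.0.2.10", "recv": "fxp0"},
    {"src": "203.0.113.5", "recv": "fxp0"},
    {"src": "203.0.113.5", "recv": "fxp1"},
]

if __name__ == "__main__":
    for name, table in (("default-free", DEFAULT_FREE),
                        ("with default", WITH_DEFAULT)):
        for row in run(PACKETS, table):
            print(name, *row)
```

With the default route present every source is covered by 0.0.0.0/0, so the rule never denies anything.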