Date:      Tue, 22 Nov 2005 13:00:00 -0200
From:      Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
To:        ipfw@freebsd.org
Subject:   Features enhancement: AND-block and "me" expression on a table...
Message-ID:  <43833270.8060502@freebsdbrasil.com.br>


Hello ipfw developers,

Would it be hard to make ipfw process "and" blocks, just like "or" 
blocks? I mean, in the following situation:

ipfw add deny log tcp from { not 10.10.10.10/32 or not 10.10.10.20/32 } to any dst-port 22 out via fxp0 setup keep-state

In my understanding, this rule will *always* match, because the OR block 
makes the source always true: it either *won't* be one origin OR won't 
be the other. What if we could have:

ipfw add deny log tcp from { not 10.10.10.10/32 and not 10.10.10.20/32 } to any dst-port 22 out via fxp0 setup keep-state

?

One more thing, I have just noticed that tables do not accept the "me" 
expression. Any chance to have ipfw deal with "me" in a table?

Also, dummynet does not evaluate tables well. Only the first address is 
matched against a dummynet rule. It would be great if tables could be 
used with dummynet and all the mask specifiers...

Those are only some thoughts... =)

-- 
Patrick Tracanelli
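
Added example, not part of the original message and not ipfw code: a small Python model of the source-address test in the two rules above, showing why the OR block of negations matches every source and how the requested AND form relates to a negated set lookup. The probe addresses and function names are constructed for illustration; only the two /32 prefixes come from the message.

```python
import ipaddress

# Constructed sample data: the two prefixes come from the rule in the message;
# the probe addresses are made up for illustration.
EXEMPT = [ipaddress.ip_network("10.10.10.10/32"),
          ipaddress.ip_network("10.10.10.20/32")]
PROBES = ["10.10.10.10", "10.10.10.20", "10.10.10.30", "192.0.2.7"]


def or_block_of_negations(src, nets):
    """{ not A or not B }: true as soon as src is outside ANY one prefix.

    With disjoint prefixes no address is inside all of them, so this is
    true for every source.
    """
    addr = ipaddress.ip_address(src)
    return any(addr not in net for net in nets)


def and_block_of_negations(src, nets):
    """{ not A and not B } (the requested form): src is outside EVERY prefix."""
    addr = ipaddress.ip_address(src)
    return all(addr not in net for net in nets)


def negated_membership(src, nets):
    """not (A or B): De Morgan equivalent of the AND form, a negated set lookup."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in nets)


def evaluate(probes=PROBES, nets=EXEMPT):
    """Return {src: (or_form, and_form, negated_set)} for each probe address."""
    return {p: (or_block_of_negations(p, nets),
                and_block_of_negations(p, nets),
                negated_membership(p, nets)) for p in probes}


if __name__ == "__main__":
    print(f"{'source':<14}{'not A or not B':<17}{'not A and not B':<18}not (A or B)")
    for src, (o, a, n) in evaluate().items():
        print(f"{src:<14}{str(o):<17}{str(a):<18}{n}")
```

The last two columns always agree: the AND of negations is the negation of a membership test over the listed addresses, which is the condition a negated table lookup (`not table(N)`) expresses in ipfw.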



