Date: Sun, 28 Mar 1999 07:28:46 -0800 (PST)
From: "Jonathan M. Bresler" <jmb@hub.freebsd.org>
To: luigi@labinfo.iet.unipi.it
Cc: housley@frenchknot.ne.mediaone.net, noor@NetVision.net.il, freebsd-hackers@FreeBSD.ORG
Subject: Re: ipfw behavior, is it normal?
Message-ID: <19990328152846.B065314C14@hub.freebsd.org>
In-Reply-To: <199903281244.OAA03534@labinfo.iet.unipi.it> (message from Luigi Rizzo on Sun, 28 Mar 1999 14:44:47 +0200 (MET DST))
References: <199903281244.OAA03534@labinfo.iet.unipi.it>

> From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
> Date: Sun, 28 Mar 1999 14:44:47 +0200 (MET DST)
> Cc: housley@frenchknot.ne.mediaone.net, noor@NetVision.net.il,
>     freebsd-hackers@FreeBSD.ORG
> Content-Type: text
> Sender: owner-freebsd-hackers@FreeBSD.ORG
> X-Loop: FreeBSD.ORG
> Precedence: bulk
>
> Re. the problem with ipfw configurations...
>
> should we add another instruction to ipfw
>
>     <action> <proto> between A and B ...
>
> to ease life in configuring firewalls? Performance of a ruleset
> will be only marginally improved, but having simpler rules will
> indirectly make configurations more secure by reducing mistakes.

i understand between to be a shortcut that replaces "from A to B"
and "from B to A". i prefer the present syntax, it allows me to
control who originates the connection.

seems to me that the new syntax would not be used very frequently.
most of my rules (27 of 30) have "any" as one endpoint. don't think
that i want to use a "between" in combination with "any".

seems to me that it's better to have people understand what they
are configuring rather than make the configuration syntax hide the
asymmetric nature of tcp.

jmb