Date: Tue, 26 Oct 1999 11:22:41 -0400 (EDT)
From: Chuck Youse <cyouse@paradox.nexuslabs.com>
To: Julian Elischer <julian@whistle.com>
Cc: Jerry Bell <jerry@bellnetworks.net>, freebsd-hackers@FreeBSD.ORG
Subject: Re: IPFW Improvements. (comments?)
Message-ID: <Pine.BSF.4.10.9910261120001.20693-100000@paradox.nexuslabs.com>
In-Reply-To: <Pine.BSF.4.10.9910190114150.25065-100000@current1.whistle.com>
On Tue, 19 Oct 1999, Julian Elischer wrote:

> > The real advantage is being able to do something like this:
> >
> > #!/bin/sh
> > dnservers=10.0.0.1,10.0.0.2,10.0.0.3
> > smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
> > ipfw add pass udp from any to $dnservers 53
> > ipfw add pass tcp from any to $smtpservers 25
> >
> > ... and so on.
> but you need to store this somewhere..
> the present system of fixed structures doesn't support this without an
> enormous waste of space...I'm not sure how useful it would be in
> practice..

Actually, for what he's describing, we could simply modify /sbin/ipfw to
add multiple rules. For example, the first ipfw example above would be
expanded to:

ipfw add pass udp from any to 10.0.0.1 53
ipfw add pass udp from any to 10.0.0.2 53
ipfw add pass udp from any to 10.0.0.3 53

I'm not quite sure of the value of this in practice either (as one could
easily expand the rules by hand), but it's not too difficult to implement.

Chuck Youse
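The expansion discussed in this message, sketched as a userland shell wrapper (an added example, not part of the original e-mail and not FreeBSD's ipfw code). The function names expand_rule and valid_addr are hypothetical; the script only prints the ipfw commands, and it validates the whole list before emitting anything so that a malformed element never produces a partial rule set.

```shell
#!/bin/sh
# Added example: expand a comma-separated address list into one ipfw rule
# per address. Commands are printed, not executed.

# valid_addr ADDR: succeed for a dotted-quad IPv4 address, optional /0../32.
valid_addr() {
    addr=${1%%/*}
    case $1 in
        */*) bits=${1#*/}
             case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$bits" -le 32 ] || return 1 ;;
    esac
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# expand_rule PREFIX LIST SUFFIX: print "ipfw add PREFIX addr SUFFIX" for
# every address in LIST, or print nothing and fail if any element is bad.
expand_rule() {
    prefix=$1 list=$2 suffix=$3
    case $list in
        ''|,*|*,|*,,*|*[!0-9.,/]*)
            echo "malformed address list: '$list'" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -- $list                # safe: list holds only [0-9.,/] here
    IFS=$old_ifs
    for a in "$@"; do           # pass 1: validate everything
        valid_addr "$a" || { echo "bad address: '$a'" >&2; return 1; }
    done
    for a in "$@"; do           # pass 2: emit one rule per address
        echo "ipfw add $prefix $a${suffix:+ $suffix}"
    done
}

# The two lists from the quoted script.
dnservers=10.0.0.1,10.0.0.2,10.0.0.3
smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
expand_rule "pass udp from any to" "$dnservers" 53
expand_rule "pass tcp from any to" "$smtpservers" 25
```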