From: Chuck Youse
To: Julian Elischer
Cc: Jerry Bell, freebsd-hackers@FreeBSD.ORG
Date: Tue, 26 Oct 1999 11:22:41 -0400 (EDT)
Subject: Re: IPFW Improvements. (comments?)

On Tue, 19 Oct 1999, Julian Elischer wrote:

> > The real advantage is being able to do something like this:
> >
> > #!/bin/sh
> > dnservers=10.0.0.1,10.0.0.2,10.0.0.3
> > smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
> > ipfw add pass udp from any to $dnservers 53
> > ipfw add pass tcp from any to $smtpservers 25
> >
> > ... and so on.
> but you need to store this somewhere..
> the present system of fixed structures doesn't support this without an
> enormous waste of space...I'm not sure how useful it would be in
> practice..

Actually, for what he's describing, we could simply modify /sbin/ipfw to
add multiple rules. For example, the first ipfw example above would be
expanded to:

ipfw add pass udp from any to 10.0.0.1 53
ipfw add pass udp from any to 10.0.0.2 53
ipfw add pass udp from any to 10.0.0.3 53

I'm not quite sure of the value of this in practice either (as one could
easily expand the rules by hand), but it's not too difficult to implement.

Chuck Youse
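The rule expansion described in the message above, done in a wrapper script instead of inside /sbin/ipfw. This is an added example, not code from the thread or from FreeBSD; the helper names `is_ipv4` and `expand_rule` are hypothetical, and it goes slightly beyond the message by also accepting a list on the source side and by refusing to emit anything if a list element is malformed.

```shell
#!/bin/sh
# Added example: expand comma-separated address lists into one ipfw rule
# per address. Rules are printed for review, not installed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# expand_rule ACTION PROTO SRCLIST DSTLIST PORT (hypothetical helper)
# Prints one rule per (source, destination) pair. "any" passes through;
# every other element must be a valid IPv4 address. On any bad element
# nothing is printed and the status is 1, so a typo never yields a
# partial rule set. The body is a subshell, so IFS changes do not leak.
expand_rule() (
    action=$1 proto=$2 srcs=$3 dsts=$4 port=$5
    case "$port" in ''|*[!0-9]*) exit 1 ;; esac
    case ",$srcs,$dsts," in *,,*) exit 1 ;; esac  # empty list element
    IFS=,; set -f                                 # split on commas only
    rules=
    for src in $srcs; do
        [ "$src" = any ] || is_ipv4 "$src" || exit 1
        for dst in $dsts; do
            [ "$dst" = any ] || is_ipv4 "$dst" || exit 1
            rules="${rules}ipfw add $action $proto from $src to $dst $port
"
        done
    done
    printf '%s' "$rules"
)

# The two rules from the quoted script, expanded.
dnservers=10.0.0.1,10.0.0.2,10.0.0.3
smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
expand_rule pass udp any "$dnservers" 53
expand_rule pass tcp any "$smtpservers" 25
```

Because the output is plain text, it can be diffed against the currently loaded rule set before anything is applied.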