From owner-freebsd-hackers Tue Oct 26 10:41:34 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
	by hub.freebsd.org (Postfix) with ESMTP id 3310C14EDE
	for ; Tue, 26 Oct 1999 10:41:31 -0700 (PDT)
	(envelope-from julian@whistle.com)
Received: from home.elischer.org (home.elischer.org [207.76.204.203])
	by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id KAA61444;
	Tue, 26 Oct 1999 10:41:16 -0700 (PDT)
Date: Tue, 26 Oct 1999 10:41:17 -0700 (PDT)
From: Julian Elischer
X-Sender: julian@home.elischer.org
To: Chuck Youse
Cc: Jerry Bell , freebsd-hackers@FreeBSD.ORG
Subject: Re: IPFW Improvements. (comments?)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

check how the netatalk code expands a range into the minimum set of
netmasks needed to cover that range. (somewhere in /sys/netatalk).

On Tue, 26 Oct 1999, Chuck Youse wrote:

>
>
> On Tue, 19 Oct 1999, Julian Elischer wrote:
>
> > > The real advantage is being able to do something like this:
> > >
> > > #!/bin/sh
> > > dnservers=10.0.0.1,10.0.0.2,10.0.0.3
> > > smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
> > > ipfw add pass udp from any to $dnservers 53
> > > ipfw add pass tcp from any to $smtpservers 25
> > >
> > > ... and so on.
> > but you need to store this somewhere..
> > the present system of fixed structures doesn't support this without an
> > enormous waste of space...I'm not sure how useful it would be in
> > practice..
>
> Actually, for what he's describing, we could simply modify /sbin/ipfw to
> add multiple rules. For example, the first ipfw example above would be
> expanded to:
>
> ipfw add pass udp from any to 10.0.0.1 53
> ipfw add pass udp from any to 10.0.0.2 53
> ipfw add pass udp from any to 10.0.0.3 53
>
> I'm not quite sure of the value of this in practice either (as one could
> easily expand the rules by hand), but it's not too difficult to implement.
>
> Chuck Youse
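
The range-to-netmask expansion mentioned in the reply above, as an added example that is not part of the original message and is not the netatalk or ipfw source: a standard greedy cover of an inclusive IPv4 range with the fewest address/prefix blocks. The names range_to_cidrs and struct cidr are hypothetical, and the sample range is constructed from the DNS server addresses quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

struct cidr { uint32_t addr; int bits; };   /* network address, prefix length */

/*
 * Cover the inclusive IPv4 range [lo, hi] (host byte order) with the fewest
 * address/prefix blocks. Returns the block count, or -1 on a reversed range
 * or when out[] is too small (62 entries is the worst case).
 */
int range_to_cidrs(uint32_t lo, uint32_t hi, struct cidr *out, int max)
{
    uint64_t cur = lo, end = hi, size, s;   /* 64-bit: 0.0.0.0/0 spans 2^32 */
    int n = 0, bits;

    if (lo > hi)
        return -1;
    while (cur <= end) {
        /* Largest block that may start here: lowest set bit of cur. */
        size = cur ? (cur & (~cur + 1)) : ((uint64_t)1 << 32);
        /* Halve it until it no longer runs past the end of the range. */
        while (size > end - cur + 1)
            size >>= 1;
        for (bits = 32, s = size; s > 1; s >>= 1)
            bits--;
        if (n == max)
            return -1;
        out[n].addr = (uint32_t)cur;
        out[n].bits = bits;
        n++;
        cur += size;
    }
    return n;
}

int main(void)
{
    struct cidr c[62];
    /* Constructed input: 10.0.0.1 through 10.0.0.3 treated as one range. */
    int i, n = range_to_cidrs(0x0A000001, 0x0A000003, c, 62);

    for (i = 0; i < n; i++)
        printf("ipfw add pass udp from any to %u.%u.%u.%u/%d 53\n",
            (unsigned)(c[i].addr >> 24), (unsigned)((c[i].addr >> 16) & 255),
            (unsigned)((c[i].addr >> 8) & 255), (unsigned)(c[i].addr & 255),
            c[i].bits);
    return 0;
}
```

For the three DNS servers this yields two rules (10.0.0.1/32 and 10.0.0.2/31) instead of three, and neither block admits an address outside the range, which is the property to check whenever a range is rewritten as masks in a filter rule.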