Date: 25 Jul 2002 09:02:11 -0500 From: Kirk Strauser <kirk@strauser.com> To: freebsd-stable@freebsd.org Subject: Re: HEADS-UP ipfw now in -stable (as an optional replacement of the old ipfw) Message-ID: <87fzy7dhy4.fsf@pooh.int> In-Reply-To: <20020723202849.A82296@iguana.icir.org> References: <20020723202849.A82296@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 2002-07-24T03:28:49Z, Luigi Rizzo <luigi@FreeBSD.ORG> writes:
> On the other hand, i believe you do really want to use this new code. In
> addition to being twice as fast in processing individual rules, you can
> use more powerful match patterns such as
>
> ... ip from 1.2.3.0/24{50,6,27,158} to ...
> ... ip from { 1.2.3.4/26 or 5.6.7.8/22 } to ...
> ... ip from any 5-7,9-66,1020-3000,4000-5000 to ...
Darn it, Luigi! When I first started using FreeBSD, I learned ipfw. For
reasons that I don't really remember now, I eventually switched to
ipfilter. Now, thanks to this annoyingly attractive commit, I may have to
switch back - especially since I just found out that I'll have to use ipfw
if I want to set up firewalling on a bridge(4) system.
In all seriousness, this looks terrific. Thanks to everyone who made it
happen!
--
Kirk Strauser
The Strauser Group - http://www.strausergroup.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87fzy7dhy4.fsf>