Date: Tue, 26 Oct 1999 10:41:17 -0700 (PDT)
From: Julian Elischer <julian@whistle.com>
To: Chuck Youse <cyouse@paradox.nexuslabs.com>
Cc: Jerry Bell <jerry@bellnetworks.net>, freebsd-hackers@FreeBSD.ORG
Subject: Re: IPFW Improvements. (comments?)
Message-ID: <Pine.BSF.4.05.9910261040080.4711-100000@home.elischer.org>
In-Reply-To: <Pine.BSF.4.10.9910261120001.20693-100000@paradox.nexuslabs.com>

check how the netatalk code expands a range into the minimum set of
netmasks needed to cover that range. (somewhere in /sys/netatalk).

On Tue, 26 Oct 1999, Chuck Youse wrote:

>
>
> On Tue, 19 Oct 1999, Julian Elischer wrote:
>
> > > The real advantage is being able to do something like this:
> > >
> > > #!/bin/sh
> > > dnservers=10.0.0.1,10.0.0.2,10.0.0.3
> > > smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
> > > ipfw add pass udp from any to $dnservers 53
> > > ipfw add pass tcp from any to $smtpservers 25
> > >
> > > ... and so on.
> > but you need to store this somewhere..
> > the present system of fixed structures doesn't support this without an
> > enormous waste of space...I'm not sure how useful it would be in
> > practice..
>
> Actually, for what he's describing, we could simply modify /sbin/ipfw to
> add multiple rules.  For example, the first ipfw example above would be
> expanded to:
>
> ipfw add pass udp from any to 10.0.0.1 53
> ipfw add pass udp from any to 10.0.0.2 53
> ipfw add pass udp from any to 10.0.0.3 53
>
> I'm not quite sure of the value of this in practice either (as one could
> easily expand the rules by hand), but it's not too difficult to implement.
>
> Chuck Youse
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
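
Added example, not part of the original message and not the netatalk code it points to: a stand-alone C sketch of the range-to-netmask expansion mentioned above, applied to the 10.0.0.1 to 10.0.0.3 DNS server range from the quoted script. The names range_to_cidrs and struct cidr are hypothetical, and the printed rule simply follows the form used in the thread.

```c
#include <stdint.h>
#include <stdio.h>

struct cidr { uint32_t addr; int plen; };  /* network (host byte order), prefix length */

/* Cover the inclusive range [lo, hi] with the fewest aligned prefix blocks.
 * Returns the number of blocks written, or -1 if lo > hi or out[] is too small. */
int range_to_cidrs(uint32_t lo, uint32_t hi, struct cidr *out, int max)
{
    uint64_t cur = lo, end = hi;   /* 64-bit so the top of the address space cannot wrap */
    int n = 0;

    if (lo > hi)
        return -1;
    while (cur <= end) {
        int plen = 32;
        /* Widen the block while it stays aligned on cur and inside the range. */
        while (plen > 0) {
            uint64_t size = 1ULL << (32 - (plen - 1));
            if ((cur & (size - 1)) != 0 || cur + size - 1 > end)
                break;
            plen--;
        }
        if (n == max)
            return -1;
        out[n].addr = (uint32_t)cur;
        out[n].plen = plen;
        n++;
        cur += 1ULL << (32 - plen);  /* first address after the block just emitted */
    }
    return n;
}

int main(void)
{
    /* Constructed sample: 10.0.0.1 through 10.0.0.3 (the dnservers list in the thread). */
    struct cidr c[64];
    int n = range_to_cidrs(0x0A000001u, 0x0A000003u, c, 64);

    for (int i = 0; i < n; i++)
        printf("ipfw add pass udp from any to %u.%u.%u.%u/%d 53\n",
               c[i].addr >> 24, (c[i].addr >> 16) & 255,
               (c[i].addr >> 8) & 255, c[i].addr & 255, c[i].plen);
    return n < 0;
}
```

For this range the expansion yields two rules (10.0.0.1/32 and 10.0.0.2/31) instead of three per-host rules, and each emitted block covers only addresses inside the requested range, so the rule set never passes traffic to a host that was not listed.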