ipfw/ipf IP filtering thoughts

Volker Stolz stolz at i2.informatik.rwth-aachen.de
Sun Nov 30 00:52:14 PST 2003


In local.freebsd-hackers, you wrote:
> In ipchains and iptables you have a sequential list of rules, very
> much like in ipfw and ipf, but you can have several different lists
> which have symbolic names and you can make calls from lists to other
> lists based on normal packet criteria.  If the list is exhausted, the
> scan returns to the previous list. 

You should be able to accomplish the same -- although in a more convoluted
way -- with ipf[w]. You might want to use a higher-level tool though instead
of writing all the rules by hand. Try using fwbuilder or code your own
abstraction which translates to ipfw rules. 

Volker
-- 
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
rage against the finite state machine 
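
An added example, not part of the original post: one way such a home-grown abstraction could look, assuming ipfw's forward-only skipto action is used to emulate a chain call, with fall-through off the end of the inlined chain acting as the return. The chain names, function names and addresses are constructed for illustration.

```python
# Added example: compile named chains into flat ipfw rules using skipto.
# Chain names, function names and addresses are constructed for illustration.
STEP = 100  # spacing between generated rule numbers

CHAINS = {
    "input": [
        ("allow", "all from any to any via lo0"),
        ("call ssh", "tcp from any to any 22"),
        ("deny", "all from any to any"),
    ],
    "ssh": [  # no catch-all: unmatched packets "return" to the caller
        ("allow", "tcp from 192.0.2.0/24 to any"),
        ("allow", "tcp from 198.51.100.7 to any"),
    ],
}

def flatten(chains, name, stack=()):
    """Inline chain `name`; skipto targets are kept as relative offsets."""
    if name in stack:  # skipto only jumps forward, so recursion cannot be laid out
        raise ValueError("recursive chain call: " + " -> ".join(stack + (name,)))
    out = []
    for action, match in chains[name]:
        if action.startswith("call "):
            body = flatten(chains, action[5:], stack + (name,))
            out.append(("skipto +2", match))  # matching packets enter the body
            # everything else jumps past the inlined body
            out.append((f"skipto +{len(body) + 1}", "all from any to any"))
            out.extend(body)  # falling off the end of the body is the return
        else:
            out.append((action, match))
    return out

def compile_ipfw(chains, entry="input", base=1000):
    """Return 'ipfw add' command lines for the chain `entry` and its callees."""
    lines = []
    for i, (action, match) in enumerate(flatten(chains, entry)):
        if action.startswith("skipto +"):
            action = f"skipto {base + (i + int(action[8:])) * STEP}"
        number = base + i * STEP
        if number > 65534:  # 65535 is ipfw's built-in default rule
            raise ValueError("rule set does not fit below rule 65535")
        lines.append(f"ipfw add {number} {action} {match}")
    return lines

if __name__ == "__main__":
    print("\n".join(compile_ipfw(CHAINS)))
```

Each call site costs two extra rules and duplicates the called chain's body, which is the "more convoluted" price of doing this without named lists.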

