IPv6 tables?
Julian Elischer
julian at elischer.org
Wed Aug 6 17:11:58 UTC 2008
Matt Dawson wrote:
> On Wednesday 06 Aug 2008, freebsd-ipfw-request at freebsd.org wrote:
>> On Tuesday 05 August 2008 16:42:25 Max Laier wrote:
>>> On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote:
>>>> Just a quick question: What would it take to have similar functionality
>>>> to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't
>>>> there (other than the fact that I haven't got my finger out and learnt
>>>> the neccessary to add it myself ;) )?
>>> In FreeBSD 7 and above all three firewall packages included with FreeBSD
>>> understand both IPv4 and IPv6. Read the ipfw(8) man page for details on
>>> how to setup IPv6 rules.
>> Oh wait ... you asked something different. Yeah, that would be nice to
>> have. pf does it. If you need a reference.
>
> I did notice pf had tables that can handle both v4 and v6. I hadn't thought of
> reading pf's code to see how it's done, although pf's tables seem to handle
> handle both versions (without looking at the code, just the manpage). I'm
> now wondering which approach would be less resource-hungry: Adding a
> separate "table6" structure or modifying tables to accept v6. The former, to
> my mind, is more economical with large tables.
>
> Thanks to you and Julian for the replies. Looks like I have some code and
> things to read through.
I think I'd go for a single table structure, that only instantiates
the ipv4 or ipv6 table part of itself when you add anentry of that
type.. then when you do a compare, it only looks in the apropriate
half.. Since you always know which you have...
but it would be note to be able do a test against both types with one
ipfw rule.
More information about the freebsd-ipfw
mailing list