netmap-ipfw on em0 em1
Luigi Rizzo
rizzo at iet.unipi.it
Tue Nov 4 19:02:52 UTC 2014
the user space netmap-ipfw only supports two interfaces,
The hard problem in moving to 3+ interfaces is not much the code but
deciding where to send a packet once it has passed the filter.
Basically, passing things through the kernel stack is simple
but performance is going to be no better than with the standard firewall
(except for much better behaviour in blocking incoming attacks).
cheers
luigi
On Tue, Nov 4, 2014 at 5:56 AM, Evandro Nunes <evandronunes12 at gmail.com>
wrote:
> hello,
> I am trying to do some basic stateless filtering with netmap-ipfw.
>
> what i have running is:
>
> ./kipfw em1 em2 lo0
>
> and when i do ipfw/ipfw show:
>
> ipfw/ipfw show
> connected to 127.0.0.1:5555
> nalloc 2248 nbytes 136 ptr 0x0
> 00100 0 0 allow ip from any to any via lo0
> 65535 0 0 allow ip from any to any
>
> it's not counting any packet, including loopback
>
> i have seem people using something similar but with ix(4) driver, what I am
> doing wrong?
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
--
-----------------------------------------+-------------------------------
Prof. Luigi RIZZO, rizzo at iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338-6809875 . 56122 PISA (Italy)
-----------------------------------------+-------------------------------
More information about the freebsd-net
mailing list