IPv6 support for tables in ipfw?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Fri Oct 5 12:38:14 PDT 2007
On Fri, 5 Oct 2007, Julian Elischer wrote:
Hi,
> Kevin Oberman wrote:
>>> Date: Fri, 05 Oct 2007 11:02:22 -0700
>>> From: Julian Elischer <julian at elischer.org>
>>>
>>> Kevin Oberman wrote:
>>>> At this time the use of tables in ipfw is limited to IPv4. Is anyone
>>>> looking at adding IPv6 address capability?
>>>
>>> I am but it's not 'soon' on my list.
>>
>> I am on travel for a couple of weeks, so I may try and get a start on
>> this while at airports or on planes.
>>
>> Tables are very useful for allowing an IDS set up blocks on the
>> fly. Right now I am limited to a new rule for every block and that is
>> not very portable (since I don't want to step on existing rules) and
>> very messy since, except for the address, all of the rules are
>> identical.
>
> yeah, exactly.. "me too".
>
>> I'm using tables right now for V4, but I really need to have v6 support
>> soon. I'm just not real sure what 'soon' is. I hope it's different from
>> yours.
The question is:
do we want to duplicate the table framework for IPv6 or have mixed
tables with both v4 and v6 addresses?
While I am thinking about performance for lookups etc. I am more
worried about the userspace API which might change. That might be
troublesome for the 7-tree.
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.
More information about the freebsd-current
mailing list