[PATCH] multiple instances of ipfw(4)

Ermal Luçi eri at freebsd.org
Wed Feb 8 14:04:10 UTC 2012


2012/2/8 Gleb Smirnoff <glebius at freebsd.org>:
> On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote:
> L> If I understand what the patch does, I think it makes sense to be
> L> able to hook ipfw instances to specific interfaces/sets of interfaces,
> L> as it permits the writing of more readable rulesets. Right now the
> L> workaround is to start the ruleset with skipto rules matching on
> L> interface names, and then use some discipline in "reserving" a range
> L> of rule numbers to each interface.
>
> This is definitely a desired feature, but it should be implemented
> on the level of pfil(9). However, that would still require multiple
> instances of ipfw(4).
>
This opens a discussion of architecture design.
I do not think pfil(9) is presently designed to handle such a thing!


Regards,
Ermal

