I have four ideas for IPFW2

Diego Linke - GAMK linke at calnet.com.br
Wed Jul 9 14:15:53 PDT 2003


I have four ideas for IPFW2 (features):


Idea 1) 

When using:
ipfw add allow ip from any to me via xl0
it is equal to:
ipfw add allow ip from any to { IP_xl0 or IP_xl1 or IP_rl0 or ... } via xl0

My idea is a keyword specific to each interface.
Sample:
ipfw add allow ip from any to me_xl0 via xl0

Idea 2)

keyword "net" :-)
As we have the IP and netmask of each interface, it would be easy to get the net. 
Sample:
ipfw add allow ip from any to net_xl0 via xl0


Idea 3)

Logs with more information, such as (tcpflags (syn, ack, fin, rst...), ipoptions, iplen, iptos, ipttl...).
This could be called by one keyword (e.g. logfull) in IPFW.
Sample:
ipfw add deny logfull ...

Or a sysctl variable :-)

Idea 4)

When we execute:
ipfw -qf flush

The dynamic rules are flushed.

My idea is an option to define whether or not the dynamic rules are flushed.
Example:

ipfw -nqf flush

-n = Don't flush dynamic rules.

This would not erase the dynamic rules, only the static rules.
As each dynamic rule is linked to one static rule, these dynamic rules would be unlinked but still UP.

These are my ideas. 

Thanks for all :D

--
[ Diego Linke - GAMK ]
System/Network/Security Administrator
E-Mail/Site: gamk at gamk.com.br - http://www.gamk.com.br
Public Key: http://www.gamk.com.br/gamk.asc
Phone Number: (+5541) 9967-3464
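
The per-interface values that the proposed me_xl0 and net_xl0 keywords (ideas 1 and 2) would expand to can be derived from ifconfig output, as this added example shows; it is not part of the original message or of ipfw. The sample ifconfig text and its 192.0.2.x addresses are constructed, the function names are hypothetical, and the script only prints rules without loading them.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig xl0` output (documentation addresses).
sample_ifconfig() {
    cat <<'EOF'
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.77 netmask 0xffffffff broadcast 192.0.2.77
        ether 00:00:5e:00:53:01
EOF
}

# Print "address hexmask" for each IPv4 address in ifconfig output on stdin.
# Fields are format-checked so nothing unexpected reaches shell arithmetic.
if_addrs() {
    awk '$1 == "inet" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
         $4 ~ /^0x[0-9a-f]+$/ { print $2, $4 }'
}

# net_cidr ADDRESS HEXMASK -> network/prefix (what "net_xl0" would expand to).
net_cidr() {
    m=$(( $2 ))
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( addr & m ))
    bits=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do   # count leading 1 bits
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 0xffffffff ))
    done
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$bits"
}

# emit_rules IFACE: read ifconfig output on stdin and print, per address,
# the "me_IFACE"-style rule followed by the "net_IFACE"-style rule.
emit_rules() {
    iface=$1
    if_addrs | while read -r ip mask; do
        echo "ipfw add allow ip from any to $ip via $iface"
        echo "ipfw add allow ip from any to $(net_cidr "$ip" "$mask") via $iface"
    done
}

sample_ifconfig | emit_rules xl0
```

On a live host the input would come from `ifconfig xl0` instead of the constructed sample, and the rules need regenerating whenever the interface's addresses change.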


