My planned work on networking stack
James
haesu at towardex.com
Sat Mar 6 13:05:44 PST 2004
thank you! :)
i'll try this sometime next week and let you know of any feedbacks i have.
-J
>
> Here you go:
>
> http://www.nrg4u.com/freebsd/ipfw_versrcreach.diff
>
> This one implements the standard functionality, the definition of an
> interface through which it has to be reachable is not (yet) supported.
>
> Using this option only makes sense when you don't have a default route
> which naturally always matches. So this is useful for machines acting
> as routers with a default-free view of the entire Internet as common
> when running a BGP daemon (Zebra/Quagga or OpenBSD bgpd).
>
> One useful way of enabling it globally on a router looks like this:
>
> ipfw add xxxx deny ip from any to any not versrcreach
>
> or for an individual interface only:
>
> ipfw add xxxx deny ip from any to any not versrcreach recv fxp0
>
> I'd like to get some feedback (and a man page draft) before I commit it
> to -CURRENT.
>
> --
> Andre
--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing
james at towardex.com Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
More information about the freebsd-net
mailing list