propose a new generic purpose rule option for ipfw

'Luigi Rizzo' rizzo at
Thu May 29 13:05:41 UTC 2014

On Thu, May 29, 2014 at 08:45:26PM +0800, bycn82 wrote:
> Sure, that is the reason why developers are providing more and more rule options. But the my question is do we have enough options to match all the fixed position values?

we do not have an option for fixed position matching.

As i said, feel free to submit one and i will be happy to
import it if the code is clean (btw i am still waiting
for fixes to the other 'rate limiting' option you sent),
but keep in mind that 'fixed position' is mostly useless.

More useful options would be one where you express the position as


so at least you can adapt to variant headers, or one where you can look
for a pattern in the entire packet or in a portion of it.


More information about the freebsd-net mailing list