[PATCH] multiple instances of ipfw(4)
Gleb Smirnoff
glebius at FreeBSD.org
Wed Feb 8 13:36:01 UTC 2012
On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote:
L> If I understand what the patch does, I think it makes sense to be
L> able to hook ipfw instances to specific interfaces/sets of interfaces,
L> as it permits the writing of more readable rulesets. Right now the
L> workaround is to start the ruleset with skipto rules matching on
L> interface names, and then use some discipline in "reserving" a range
L> of rule numbers to each interface.
This is definitely a desired feature, but it should be implemented
on the level of pfil(9). However, that would still require multiple
instances of ipfw(4).
--
Totus tuus, Glebius.