userfw - modular packet filter
Maxim Ignatenko
gelraen.ua at gmail.com
Mon Feb 13 11:01:28 UTC 2012
Dear -net,
Today I want to present a new packet filter for FreeBSD: userfw. Its
main design goal is to be easily extensible.
Source code is here: http://git.userfw.net/ https://github.com/gelraen/userfw/
Dedicated website: http://userfw.net/
userfw's packet processing is, much like ipfw's, based on the idea of a
ruleset as a list of rules that are checked sequentially, performing
some action if a packet matches the rule. Each rule consists of a rule
number, a rule action and a rule condition (match). But unlike in ipfw,
an action is not just a single keyword with one argument, and a match is
not a list of options. Instead, it implements something like a tree
structure: each match and action can have many arguments of different
types: numbers, strings, addresses and even other actions and matches.
Even basic logical operations are implemented as matches that take one
(not) or two (and, or) matches as arguments.
Now there is only a small number of operations implemented, but it
already includes support for dummynet and ipfw tables. I hope to
release userfw-0.1 soon, and I'll be glad if someone else joins my
work on userfw.
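
The tree-structured rule model described in the message above, as an added example that is not part of the original message and is not userfw's code. All type and function names are hypothetical, and the first-match-decides and default-deny behaviour are assumptions the message does not state.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical types for illustration; not userfw's real structures. */
struct packet { uint32_t src; uint16_t dport; };
enum match_op { M_SRC_NET, M_DPORT, M_NOT, M_AND, M_OR };
enum action { A_DENY, A_ALLOW };
struct match {
    enum match_op op;
    uint32_t addr, mask;         /* address argument (M_SRC_NET) */
    uint16_t port;               /* number argument (M_DPORT) */
    const struct match *arg[2];  /* match arguments: M_NOT takes 1, M_AND/M_OR take 2 */
};
struct rule { unsigned number; enum action act; const struct match *cond; };
/* Evaluate a match tree recursively against one packet. */
int match_eval(const struct match *m, const struct packet *p)
{
    switch (m->op) {
    case M_SRC_NET: return (p->src & m->mask) == (m->addr & m->mask);
    case M_DPORT:   return p->dport == m->port;
    case M_NOT:     return !match_eval(m->arg[0], p);
    case M_AND:     return match_eval(m->arg[0], p) && match_eval(m->arg[1], p);
    case M_OR:      return match_eval(m->arg[0], p) || match_eval(m->arg[1], p);
    default:        return 0;
    }
}

/* Assumption: rules are checked in order, the first match decides, else dflt applies. */
enum action ruleset_check(const struct rule *rs, size_t n, const struct packet *p, enum action dflt)
{
    for (size_t i = 0; i < n; i++)
        if (match_eval(rs[i].cond, p))
            return rs[i].act;
    return dflt;
}

/* Constructed sample: 100 deny (dport 22) and not (src in 10.0.0.0/8); 200 allow (dport 22) or (dport 443) */
static const struct match m_ssh   = { .op = M_DPORT, .port = 22 };
static const struct match m_https = { .op = M_DPORT, .port = 443 };
static const struct match m_lan   = { .op = M_SRC_NET, .addr = 0x0A000000, .mask = 0xFF000000 };
static const struct match m_ext   = { .op = M_NOT, .arg = { &m_lan } };
static const struct match m_100   = { .op = M_AND, .arg = { &m_ssh, &m_ext } };
static const struct match m_200   = { .op = M_OR,  .arg = { &m_ssh, &m_https } };
static const struct rule sample_rules[] = { { 100, A_DENY, &m_100 }, { 200, A_ALLOW, &m_200 } };
enum action sample_check(uint32_t src, uint16_t dport)
{
    struct packet p = { src, dport };
    return ruleset_check(sample_rules, 2, &p, A_DENY);
}
int main(void) { return sample_check(0xC0000201, 22) == A_DENY ? 0 : 1; }
```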