On Wed, May 24, 2006 at 01:09:55PM +0000, Oleg Bulyzhin wrote:
> oleg 2006-05-24 13:09:55 UTC
>
> FreeBSD src repository
>
> Modified files:
> sys/netinet ip_fw.h ip_fw2.c
> sbin/ipfw ipfw.8 ipfw2.c
> Log:
> Implement internal (i.e. inside kernel) packet tagging using mbuf_tags(9).
> Since tags are kept while packet resides in kernelspace, it's possible to
> use other kernel facilities (like netgraph nodes) for altering those tags.
>
> Submitted by: Andrey Elsukov <bu7cher at yandex dot ru>
> Submitted by: Vadim Goncharov <vadimnuclight at tpu dot ru>
> Approved by: glebius (mentor)
> Idea from: OpenBSD PF
> MFC after: 1 month
>
> Revision Changes Path
> 1.188 +61 -1 src/sbin/ipfw/ipfw.8
> 1.89 +72 -8 src/sbin/ipfw/ipfw2.c
> 1.106 +6 -0 src/sys/netinet/ip_fw.h
> 1.132 +57 -1 src/sys/netinet/ip_fw2.c
Examples of ipfw rules syntax:
count tag 100 ip from any to any
allow untag 10 ip from any to any tagged 10
allow tag 200 ip from any to any not tagged 0-65535
--
Oleg.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
