On Tue, 19 Oct 1999, Julian Elischer wrote:

> > The real advantage is being able to do something like this:
> > 
> > #!/bin/sh
> > dnservers=10.0.0.1,10.0.0.2,10.0.0.3
> > smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
> > ipfw add pass udp from any to $dnservers 53
> > ipfw add pass tcp from any to $smtpservers 25
> > 
> > ... and so on.
> but you need to store this somewhere..
> the present system of fixed structures doesn't support this without an
> enormous waste of space...I'm not sure how useful it would be in
> practice..

Actually, for what he's describing, we could simply modify /sbin/ipfw to
add multiple rules.  For example, the first ipfw example above would be
expanded to:

ipfw add pass udp from any to 10.0.0.1 53
ipfw add pass udp from any to 10.0.0.2 53
ipfw add pass udp from any to 10.0.0.3 53

I'm not quite sure of the value of this in practice either (as one could
easily expand the rules by hand), but it's not too difficult to implement.

Chuck Youse
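
The expansion described in this message, sketched as a shell wrapper instead of a change to /sbin/ipfw (an added example, not code from the thread; `expand_rule` and `is_addr` are hypothetical names). It only prints the rules, assumes each address is `any` or a plain dotted quad, and rejects the whole rule on a malformed list entry so a typo never produces a partial rule set.

```shell
#!/bin/sh
# Added example (not from the original thread): print the single-address
# ipfw rules that a comma-separated address list would expand to.

# is_addr ADDR: succeed for "any" or a dotted quad with octets 0-255.
is_addr() {
    [ "$1" = any ] && return 0
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# expand_rule RULE...: RULE is an ipfw rule without the leading "ipfw".
# Only the words after "from" and "to" are treated as lists; a port list
# such as "25,80" is left alone because ipfw parses that itself.
expand_rule() {
    prefix= src= dst= suffix= state=prefix
    for w in "$@"; do
        case $state in
            prefix) if [ "$w" = from ]; then state=src
                    else prefix="$prefix $w"; fi ;;
            src)    src=$w; state=to ;;
            to)     [ "$w" = to ] || { echo "expected 'to', got '$w'" >&2; return 1; }
                    state=dst ;;
            dst)    dst=$w; state=suffix ;;
            suffix) suffix="$suffix $w" ;;
        esac
    done
    [ "$state" = suffix ] || { echo "rule needs 'from SRC to DST'" >&2; return 1; }
    # Reject empty list entries and glob characters before word splitting.
    case "$src,$dst" in
        ,*|*,|*,,*|*[!0-9a-z.,]*) echo "malformed address list" >&2; return 1 ;;
    esac
    # Validate every address first, so nothing is printed for a bad rule.
    for a in $(echo "$src,$dst" | tr ',' ' '); do
        is_addr "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    for s in $(echo "$src" | tr ',' ' '); do
        for d in $(echo "$dst" | tr ',' ' '); do
            echo "ipfw$prefix from $s to $d$suffix"
        done
    done
}

# The first rule from the quoted script, with its list written out.
expand_rule add pass udp from any to 10.0.0.1,10.0.0.2,10.0.0.3 53
```

A list on both sides expands to the cross product of source and destination addresses, so the rule count grows multiplicatively.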