On Wed, May 22, 2002 at 05:38:57PM -0700, Crist J. Clark wrote:
>
> No. sbin/ipfw is just the userland command for modifying rules. The
> actual firewall code lives in sys/netinet/ip_fw.{c,h}.
Hi,
I merged from -CURRENT to my -STABLE tree some changes made in October 2000 to
sys/netinet/ip_fw.{c,h} and sbin/ipfw/ipfw.c which add ipfw
filtering based on iptos.
However, from reading the documentation, it seems that only the
older IP TOS precedence values are supported for filtering.
Is it possible to use ipfw to filter based on any Diffserv codepoint value?
This is from the man page:
" iptos spec
Match if the IP header contains the comma separated list
of service types specified in spec. The supported IP
types of service are:
lowdelay (IPTOS_LOWDELAY), throughput (IPTOS_THROUGHPUT),
reliability (IPTOS_RELIABILITY), mincost (IPTOS_MINCOST),
congestion (IPTOS_CE). The absence of a particular type
may be denoted with a `'!.
"
Thanks.
--
Craig Rodrigues Distributed Systems and Logistics, Office 6/304
[EMAIL PROTECTED] BBN Technologies, a Verizon company
(617) 873-4725 Cambridge, MA
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
