On Wed, Dec 15, 2004 at 11:18:10AM +0300, Gleb Smirnoff wrote: [ snip ] > > Sorry, but the short answer is "same was as in Cisco|Juniper world". The > longer > description is: > > The cloner will. If this was sysadmin with ifconfig in his hands, then he > will attach chains to interface. The same was you do it "config term" mode. > If that was an interface auto created by ppp/mpd/etc, than the soft will do > attach chains according to its config file, the same way as you have > interface templates in router-world.
This is not a matter of Cisco-copy or Juniper-copy -- any properly operating router vendor with service provider featureset would implement per-interface firewall hooks (including us). I simply disagreed with the ipfw modification (btw it was my personal disagreement, not a constructive one), but not Gleb's idea. In my ideal world of things, I'd rather have per-interface hooked firewalls operating inside ip_fastforward, not inside regular ip_input functions. At least in the way we modify things for our own, we insert all router-like functionalities within the ip_fastfwd.c ; ip_input.c and others are largely untouched for regular non-router host environment. -J -- James Jun TowardEX Technologies, Inc. Technical Lead Boston IPv4/IPv6 Web Hosting, Colocation and [EMAIL PROTECTED] Network design/consulting & configuration services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
