2012/2/8 Gleb Smirnoff <gleb...@freebsd.org>: > On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote: > L> if i understand what the patch does, i think it makes sense to be > L> able to hook ipfw instances to specific interfaces/sets of interfaces, > L> as it permits the writing of more readable rulesets. Right now the > L> workaround is start the ruleset with skipto rules matching on > L> interface names, and then use some discipline in "reserving" a range > L> of rule numbers to each interface. > > This is definitely a desired feature, but it should be implemented > on level of pfil(9). However, that would still require multiple > instances of ipfw(4). > This opens a discussion of architecture design. I do not think presently pfil(9) is designed to handle such thing!
Regards, Ermal _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
