I'm having a strange situation for quite sometime. I have two external
interfaces one of which is an ADSL interface tun0 and obtains IP address
dynamically and the other is a (xl1) leased line which has a static
global IP address, lets say 212.64.212.180. Both interfaces access
internet without
I'm looking at some changes to the pfil and ipfw code.
I notice that the pfil changes for link layer and bridge based
filtering have not been completed yet..
(by which I mean that ipfw is still called directly
from those places rather than via pfil. Is anyone working on this?
I have been playing
On Saturday 21 October 2006 00:57, Julian Elischer wrote:
> I'm looking at some changes to the pfil and ipfw code.
>
> I notice that the pfil changes for link layer and bridge based
> filtering have not been completed yet..
> (by which I mean that ipfw is still called directly
> from those places r
Hello,
I am preparing a test of different FreeBSD firewalls in our lab, before
doing so I am trying to push maximum 2 gbps of traffic through the machine
with a simple routed on it in the most optimal way.
The lab setup is as following:
4 x traffic generators machines: Dual Opteron, generic Free
The more I look at this the more I think that it is broken.
Instead of the bridge registering a separate filter queue for itself,
it is using the queues set up by the IP stack.
It should register its own stack and each filter type should
register their own filter functions for that level on the
Max Laier wrote:
Andre has a WIP for this. I'll let him speak.
It doesn't appear to be in P4 that I have spotted..
I'll wait to hear from him but now I see how pfil works
I can see what needs to be done and can do it if required.
___
freebsd-net@
On Saturday 21 October 2006 03:28, Julian Elischer wrote:
> The more I look at this the more I think that it is broken.
>
> Instead of the bridge registering a separate filter queue for itself,
> it is using the queues set up by the IP stack.
>
> It should register its own stack and each filter typ
On Sat, 21 Oct 2006 03:17:40 +0200 (CEST), in sentex.lists.freebsd.net
you wrote:
>
>dmesg: http://www.codeangels.com/misc/fwtest/first/fw_dmesg.txt
>pciconf: http://www.codeangels.com/misc/fwtest/first/fw_pciconf.txt
>sysctl: http://www.codeangels.com/misc/fwtest/first/fw_sysctl.txt
>kernel: http
I'm working with a FreeBSD-based router that's using IPFW for
policy routing, traffic shaping, and transparent proxying and natd
for network address translation. IPFW does these things pretty well
(in fact, I don't know if another firewall, like pf, could even do
some of these things I'm doing
