Hello ipfw developers,
Would it be hard to make ipfw process "and" blocks, just like "or"
blocks? I mean, in the following situation:
    ipfw add deny log tcp from { not 10.10.10.10/32 or not 10.10.10.20/32 } \
        to any dst-port 22 out via fxp0 setup keep-state
In my understanding, this rule will *always* match, because the OR block
makes the source always be true, because it *won't* be one origin OR it
won't be the other. What if we could have:
    ipfw add deny log tcp from { not 10.10.10.10/32 and not 10.10.10.20/32 } \
        to any dst-port 22 out via fxp0 setup keep-state
?
One more thing, I have just noticed that tables do not accept the "me"
expression. Any chance to have ipfw deal with "me" in a table?
Also, dummynet does not evaluate tables well. Only the first address is
matched against a dummynet rule. It would be great if tables could be
used with dummynet and all the mask specifiers...
Those are only some thoughts... =)
--
Patrick Tracanelli
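
Added example, not part of the original message and not ipfw code: a small Python model of the source match in the two rules above, plus a check that flags or-blocks of negated terms that can never be false. The function names and the 192.0.2.7 sample address are assumptions made for illustration.

```python
import ipaddress

def parse_term(text):
    """'not 10.10.10.10/32' -> (True, network); '10.0.0.0/8' -> (False, network)."""
    words = text.split()
    return words[0] == "not", ipaddress.ip_network(words[-1])

def term_matches(term, addr):
    negated, net = term
    return (addr in net) != negated

def or_block(terms, addr):
    # Existing behaviour of { a or b }: one matching term is enough.
    return any(term_matches(t, addr) for t in terms)

def and_block(terms, addr):
    # Behaviour asked for in the message: every term must match.
    return all(term_matches(t, addr) for t in terms)

def or_block_always_matches(terms):
    """True when an or-block made only of 'not' terms can never be false.

    'not A or not B ...' fails only for an address inside every network.
    CIDR networks are either nested or disjoint, so such an address exists
    only if the smallest network is a subnet of all the others.
    """
    if not terms or not all(neg for neg, _ in terms):
        raise ValueError("check covers or-blocks made only of 'not' terms")
    nets = [net for _, net in terms]
    smallest = max(nets, key=lambda n: n.prefixlen)
    return not all(smallest.subnet_of(n) for n in nets)

# Source terms taken from the two rules in the message.
TERMS = [parse_term("not 10.10.10.10/32"), parse_term("not 10.10.10.20/32")]
# Constructed sample sources: the two exempted hosts and one unrelated host.
SAMPLES = [ipaddress.ip_address(a)
           for a in ("10.10.10.10", "10.10.10.20", "192.0.2.7")]

def report():
    """Map each sample source to (or-block result, and-block result)."""
    return {str(a): (or_block(TERMS, a), and_block(TERMS, a)) for a in SAMPLES}

if __name__ == "__main__":
    for addr, (or_hit, and_hit) in report().items():
        print(f"{addr:12} or-block={or_hit!s:5} and-block={and_hit}")
    print("or-block is always true:", or_block_always_matches(TERMS))
```
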