On Wed, Aug 02, 2006 at 12:27:39PM +0200, Ian FREISLICH wrote:
...
> things. I can also give the ifp->if_index cache a go. Since I
> need to virualise the firewall, I need a set of rules for each
> interface. I can't think of another way of sharing the firewall
> beween a few hundred customers than by doing this:
that's too heavyweight, perhaps you need to implement a
new microinstruction to hash the interface name and do an indirect
jump to the right target. Although the syntax can be tricky, something
like
hash-if name:base:delta[,name:base:delta]
where name is the basename of the interface (e.g. vlan)
so that packets from interface fooX would jump to base+X*delta
cheers
luigi
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
