On Wednesday 18 April 2007 18:08, Julian Elischer wrote:
> Also One possibility of 6 would be to make a family of
> firewalls rather than one, that work together,
>
Hi

probably I do not understand what you are trying to achieve ... basically I am missing a reason for this "making it complicated"

the beauty of ipfw is its easy use and easy to read, short, it is clear

so why do you want to complicate it?

> e.g. L2FW (layer 2 firewall) that knows about MAC packets etc
> but calls IPFW for ip packets should it want to do so.

that is perfectly possible today as it is

> IPFW in turn the ability to call TCPFW
> for some sessions and TCPFW would know about
> modules that in turn know about different
> protocols.

you can perfectly write sh functions which you call under certain circumstances, there is no need to reinvent the wheel

> IPFW could be called from the IP layer, or from the FW of a lower layer.
> each layer would have the ability to do some inspection of the payload to
> help decide which higher layer might be relevant.

please give a real world reason and/or example for this need, which then of course could not be solved by actual ipfw functions or rc.firewall script engineering

>
> I can imagine an HTTPFW which does some small tests and if it needs to can
> divert the session to a proxy. It would know some basic rules of HTTP. for
> example.

could you please let out your imagination and tell some practical and useful example? Of course as well a case which could not be solved by ipfw as it is?

João
