wrote:
> On 22/12/2015 10:57 PM, bycn82 wrote:
>
>> Hi Julian,
>>
>> Thanks for the explanation.
>>
>> Since it is on layer2, that means we can differentiate traffic by MAC or
>> other layer2 filters only.
>> e.g , forward the traffic when the type i
December 2015 at 22:40, Julian Elischer <jul...@freebsd.org> wrote:
> On 21/12/2015 5:47 PM, bycn82 wrote:
>
> why fwd based on MAC? Can share more info of your requirement?
>
>
> you still decide to FWD based on IP address, but you do it while the
> packet is still in the
me if I was wrong, but in my opinion, the rule 5 and 10 are
almost the same, so I dont see the benefit by introducing the skipto
rulees. **IMHO, the check-state is to speed-up some selected packets, it
will slow-down all other unexpected packets at the same time.*
*Regards,*
*bycn82*
On 29
*Hi,*
*But I dont understand why you said C-D is already in the dynamic table?
which line create the dynamic rule for it?*
*Regards,*
*bycn82*
On 29 July 2015 at 22:03, Julian Elischer jul...@freebsd.org wrote:
On 7/29/15 5:26 PM, bycn82 wrote:
*Hi Julian,*
*So below are the rules
for me. i am totally dont understand all these. waiting dor example as
well
On Tuesday, July 28, 2015, Ian Smith smi...@nimnet.asn.au wrote:
Way back on Wed, 1 Jul 2015 22:02:53 +0300, Lev Serebryakov wrote:
On 30.06.2015 22:20, Georgios Amanakis via freebsd-ipfw wrote:
It is good
*Hello,*
*Can you please explain what is going one again,*
*Sorry I did not follow the emails, I am not checking the FB email for a
while, *
*I think I missed some emails.*
*e.g *
*what is the purpose of the *skip-immediate-action
*Regards,*
*Bycn82*
On 6 June 2015 at 13:58, Ian Smith smi
:( i still dont understand
what is skipto-nat-allow
On 6 June 2015 at 23:41, bycn82 byc...@gmail.com wrote:
Hi,
i saw my previous email in this thread,but i think i replied that
without fully read all the emails.
i like the state-deny and allow,
actually i tried this, in my opinion
-to the rule.
and the destination rule can be allow or deny or others.
Regards,
Bill Yuan
On 6 June 2015 at 21:48, Ian Smith smi...@nimnet.asn.au wrote:
On Sat, 6 Jun 2015 19:52:35 +0800, bycn82 wrote:
*Hello,*
*Can you please explain what is going one again,*
*Sorry I did not follow
*Cool, But maybe not all people are following this topic, so can you please
simplify it by answering below question in order to allow more people to
know what is going on here.*
*What kind of problem you are facing and how does your patch resolve it?*
On 4 February 2015 at 17:24, Lev
*cool, I like this, it got some points.*
*though the email is too long to be read.*
On 3 February 2015 at 14:44, Julian Elischer jul...@freebsd.org wrote:
On 2/3/15 3:17 AM, Lev Serebryakov wrote:
I propose two new actions: state-allow and state-deny.
They imply keep-state and
Hi,
Finally got some time to read the new implementation of table feature.
Compare to the previous code, it is much more clear now, Well done!
Regards,
Bycn82
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo
it depends on the conditions in the switch/case
statements, and I noticed that the cases statement in the 2 loops are not
arranging the opcode in running number, so does the compiler smart enough to
optimize it?
Regards,
Bycn82
From: bycn82 [mailto:byc...@gmail.com]
Sent: Wednesday, 29 October
, it will jump to N, because call the cases are nice in running
numbers,
but when the cases are messy, it will by just like lots of if/else
On Thu, Oct 30, 2014 at 6:30 AM, Erich Dollansky
erichsfreebsdl...@alogt.com wrote:
Hi,
On Wed, 29 Oct 2014 22:39:34 +0800
bycn82 byc...@gmail.com wrote
...@freebsd.org
Hi,
Good job, Waiting for your code :)
Regards,
Bycn82
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
On 9/17/14 22:58, Freddie Cash wrote:
Just to summarise everything:
1. Automatic rule numbering works beautifully if you only ever use
the default rule set (set 0). Meaning, if you don't use any set
commands at all.
2. If you manually number every rule, then using rule sets works
On 9/14/14 20:47, Willem Jan Withagen wrote:
On 14-9-2014 13:44, Ian Smith wrote:
On Sun, 14 Sep 2014 12:36:43 +0200, Willem Jan Withagen wrote:
On 13-9-2014 21:51, Freddie Cash wrote:
You can replicate it using 3 rules, loaded into two sets:
ipfw set disable 1
ipfw add allow
On 9/11/14 23:02, Freddie Cash wrote:
Forgot to mention, this is 64-bit FreeBSD 10.0-RELEASE-p7, using Intel
i350-T4 (igb) NICs.
why not explain the situation by providing a set of rules which can
replicate the problem you mentioned instead of your long long email?
root@FB10Head:/usr/src/sbin/ipfw # make
cc -O2 -pipe -DPF -std=gnu99 -fstack-protector -Wsystem-headers -Werror -Wall
-Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -Wno-empty-body
-Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value
-Wno-parentheses-equality
What is the use case of this addition? Is this objective to limit the
mischief
on a certain port, for example ntp or port 53?
I can appreciate the need to limit the number of packets during, say a DDOS
event, but I'm struggling with why I would want less that 1 packet per second.
The
the duration from measurement `milliseconds` to
`ticks`, and can reuse the logic of PPT. PPT technically is perfect. But for
user, It is ugly. They need to know what TICK is ! anyway, at least user have
an option to choose when they really need to be accurate.
Regards,
Bycn82
-Original
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: bycn82 byc...@gmail.com
To: bug-follo...@freebsd.org,
byc...@gmail.com
Cc: Luigi Rizzo ri...@iet.unipi.it
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Sat, 31 May 2014 00:53:56 +0800
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: bycn82 byc...@gmail.com
To: 'Luigi Rizzo' ri...@iet.unipi.it,
bug-follo...@freebsd.org
Cc:
Subject: RE: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Thu, 29 May 2014 23:06:27 +0800
-Original
: Re: kern/189720: [ipfw] [patch] pps action for ipfw
The following reply was made to PR kern/189720; it has been noted by
GNATS.
From: 'Luigi Rizzo' ri...@iet.unipi.it
To: bycn82 byc...@gmail.com
Cc: bug-follo...@freebsd.org
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date
are
still working on it, Can you please explain in which direction you are
enhancing it ? I am willing to help if I can.
Actually I am trying to introduce some new features into the table.
regards,
bycn82
___
freebsd-ipfw@freebsd.org mailing list
http
On 4/30/14 23:45, Freddie Cash wrote:
On Wed, Apr 30, 2014 at 8:31 AM, bycn82 byc...@gmail.com
mailto:byc...@gmail.comwrote:
On 4/30/14 23:01, Julian Elischer wrote:
On 4/30/14, 8:52 PM, bycn82 wrote:
Hi
`packet per second` it is easy to be implemented
On 5/9/14 0:11, bycn82 wrote:
On 5/8/14 15:38, Luigi Rizzo wrote:
On Thu, May 08, 2014 at 09:09:21AM +0800, bycn82 wrote:
On 5/8/14 8:35, bycn82 wrote:
On 5/4/14 1:19, Luigi Rizzo wrote:
On Sat, May 3, 2014 at 2:27 PM, bycn82byc...@gmail.com
mailto:byc...@gmail.com wrote:
On 5/2/14
I think someone messed-up the makefiles,
root@FB10Head:/usr/src/sys/modules/ipfw # make
make: /usr/src/sys/modules/ipfw/Makefile line 3: Could not find
src.opts.mk
make: /usr/src/sys/modules/ipfw/Makefile line 24: Malformed
conditional (${MK_INET_SUPPORT} != no)
make:
On 5/8/14 15:38, Luigi Rizzo wrote:
On Thu, May 08, 2014 at 09:09:21AM +0800, bycn82 wrote:
On 5/8/14 8:35, bycn82 wrote:
On 5/4/14 1:19, Luigi Rizzo wrote:
On Sat, May 3, 2014 at 2:27 PM, bycn82byc...@gmail.com
mailto:byc...@gmail.com wrote:
On 5/2/14 16:59, Luigi Rizzo wrote
On 5/4/14 1:19, Luigi Rizzo wrote:
On Sat, May 3, 2014 at 2:27 PM, bycn82 byc...@gmail.com
mailto:byc...@gmail.com wrote:
On 5/2/14 16:59, Luigi Rizzo wrote:
On Wed, Apr 30, 2014 at 6:02 PM, bycn82 byc...@gmail.com
mailto:byc...@gmail.com wrote:
fjwc
Hi
`packet per second` it is easy to be implemented using iptables, there
is a module named `recent`, but in using ipfw, Do we have any solution
to fulfill it? check the link below
https://forums.freebsd.org/viewtopic.php?f=44t=42933p=258441#p258441
bycn82
On 4/30/14 23:01, Julian Elischer wrote:
On 4/30/14, 8:52 PM, bycn82 wrote:
Hi
`packet per second` it is easy to be implemented using iptables,
there is a module named `recent`, but in using ipfw, Do we have any
solution to fulfill it? check the link below
https://forums.freebsd.org
On 4/30/14 23:45, Freddie Cash wrote:
On Wed, Apr 30, 2014 at 8:31 AM, bycn82 byc...@gmail.com
mailto:byc...@gmail.comwrote:
On 4/30/14 23:01, Julian Elischer wrote:
On 4/30/14, 8:52 PM, bycn82 wrote:
Hi
`packet per second` it is easy to be implemented
On 4/21/14 22:34, Andrey V. Elsukov wrote:
On 19.04.2014 11:45, bycn82 wrote:
Hi,
can someone help to explain how does the user land command `ipfw` pass
the rule set into the hook function in the kernel? I assume that it must
be hardcoded in somewhere, but I did not find it yet.
ipfw(8) uses
Hi,
can someone help to explain how does the user land command `ipfw` pass
the rule set into the hook function in the kernel? I assume that it must
be hardcoded in somewhere, but I did not find it yet.
Best Regards
Bycn82
___
freebsd-ipfw
thanks for commenting, for testing
i started to read the source code this morning when i was in the mrt.
i was a java developer and the source code for i have to said what a
mess!
On Wed, 16 Apr 2014 10:40:00 +0800, lhmwzy lhm...@gmail.com wrote:
The following reply was made to PR
tks for ur testing, u r right, that s the reason y i said the `in` option
is not functioning properly.
and who is the guy maintains the source of ipfw. two things i want to said
to him,
1. the source of ipfw is cool,amazingly powerful, by reading the source
code, it found actually it
Cool!
I just finished the overview of the source code,and finally understood the
`for loop` in the ip_fw2.c roughly,
beside of the coding style,sorry for my ironic words, I want to ask
whether my understanding is correct.
you wrap the packet/frame in the `check frame` or `check packet`
,
Bill Yuan
On Wed, 16 Apr 2014 23:23:03 +0800, bycn82 byc...@gmail.com wrote:
Cool!
I just finished the overview of the source code,and finally understood
the `for loop` in the ip_fw2.c roughly,
beside of the coding style,sorry for my ironic words, I want to ask
whether my understanding
38 matches
Mail list logo