On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote:
L> if i understand what the patch does, i think it makes sense to be
L> able to hook ipfw instances to specific interfaces/sets of interfaces,
L> as it permits the writing of more readable rulesets. Right now the
L> workaround is to start the ruleset with skipto rules matching on
L> interface names, and then use some discipline in "reserving" a range
L> of rule numbers to each interface.

This is definitely a desired feature, but it should be implemented at the level of pfil(9). However, that would still require multiple instances of ipfw(4).

-- 
Totus tuus, Glebius.

