IPFW2 status update

bycn82 bycn82 at gmail.com
Sun Dec 21 01:54:12 PST 2014


*​I did a full test of the in-kernel NAT​ these days, fixed all the panic
scenarios I met.*

*https://github.com/bycn82/dfly/commits/master
<https://github.com/bycn82/dfly/commits/master>*

*Need users to test it :(*







*Hi,*


*Regards,*
*Bill Yuan*

On 8 December 2014 at 11:55, bycn82 <bycn82 at gmail.com> wrote:

>
>
>
> *Hi,action opcodes 'tag' and 'untag', filter opcode 'tagged' ported from
> FreeBSD. *
>
>
> *in FreeBSD:*
>
> *ipfw add count tag 1 icmp from any to any*
>
> *here will be.*
>
>
>
>
> *ipfw add tag 1 icmpsource can be found
> via:https://github.com/bycn82/dfly/commits/master
> <https://github.com/bycn82/dfly/commits/master>*
>
> * (it can be easily changed if the FreeBSD way is better)*
>
>
>
> *Regards,bycn82*
>
>
>
>
> On Fri, Dec 5, 2014 at 2:35 PM, bycn82 <bycn82 at gmail.com> wrote:
>
>>
>> *Here is the link of the changes.*
>>
>>
>>
>> *https://github.com/bycn82/dfly/commit/cf0cb0df23ef84da3845e73e03d3efde861049b9
>> <https://github.com/bycn82/dfly/commit/cf0cb0df23ef84da3845e73e03d3efde861049b9>
>> *
>>
>>
>>
>> On Thu, Dec 4, 2014 at 9:25 AM, Justin Sherrill <
>> justin at shiningsilence.com> wrote:
>>
>>> For submitting, there's the submit at dragonflybsd.org mailing list.
>>> Sending a diff, or (probably best) a link to a git repo that has the
>>> changes is what you need to do.
>>>
>>> I don't have answers for the other questions.
>>>
>>> On Wed, Dec 3, 2014 at 8:22 AM, bycn82 <bycn82 at gmail.com> wrote:
>>>
>>>> *Hi All,*
>>>>
>>>> *As mentioned in my previous email, I was working on rewriting the ipfw
>>>> firewall recently. Now below 2 things has been done.*
>>>>
>>>> *1. In-kernel NAT ported from FreeBSD.*
>>>> *2. Separate the logic into different module.*
>>>>
>>>> *Please guide me on how to submit the code to Dragonfly. Also please
>>>> share information with me on below direction. that is on my plan.*
>>>>
>>>> *1. Multi-routing table (FIB in FreeBSD)*
>>>> *2. Policy routing.*
>>>> *3. Sample or a generic framework of L7 filter module. (Maybe its
>>>> better to keep stay in user-land because DPI will cause lots of resources).*
>>>>
>>>> *Regards,*
>>>> *Bill Yuan*
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20141221/6cee2f83/attachment-0003.htm>


More information about the Kernel mailing list