New Firewall (hpf) for DragonFlyBSD

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Fri Jan 9 09:06:58 PST 2004


On 09.01.2004, at 15:28, Seb wrote:
Here you can found patch for using High Performance Firewall under
DragonFlyBSD. This firewall is a new type and exprimental. It's a 
constant
time firewall, so CPU consumption is not dependent of rules number. 
This a
turboACL like implementation so the kernel code is very very little.
Actually, hpf recognize some ipfw syntax but an ipfilter parser can be
developped. Dynamic rules are not supported for the moment and some 
options
too. You can see at http://www.phear.org/~spe/syntaxe.txt what type of
syntax is recognized.
I'm sorry, maybe I'm just ignorant, but doesn't such a tree need 256^14 
(or 13) entries?

Also, using ints to store pointers won't work on all architectures.

cheers
  simon
--
/"\   http://corecode.ath.cx/#donate
\ /
 \     ASCII Ribbon Campaign
/ \  Against HTML Mail and News
Attachment:
PGP.sig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00006.pgp
Type: application/octet-stream
Size: 186 bytes
Desc: "Description: This is a digitally signed message part"
URL: <http://lists.dragonflybsd.org/pipermail/submit/attachments/20040109/0ff7e52e/attachment-0019.obj>


More information about the Submit mailing list