thank you! :) i'll try this sometime next week and let you know of any feedbacks i have. -J > > Here you go: > > http://www.nrg4u.com/freebsd/ipfw_versrcreach.diff > > This one implements the standard functionality, the definition of an > interface through which it has to be reachable is not (yet) supported. > > Using this option only makes sense when you don't have a default route > which naturally always matches. So this is useful for machines acting > as routers with a default-free view of the entire Internet as common > when running a BGP daemon (Zebra/Quagga or OpenBSD bgpd). > > One useful way of enabling it globally on a router looks like this: > > ipfw add xxxx deny ip from any to any not versrcreach > > or for an individual interface only: > > ipfw add xxxx deny ip from any to any not versrcreach recv fxp0 > > I'd like to get some feedback (and a man page draft) before I commit it > to -CURRENT. > > -- > Andre -- James Jun TowardEX Technologies, Inc. Technical Lead Network Design, Consulting, IT Outsourcing james_at_towardex.com Boston-based Colocation & Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.netReceived on Sat Mar 06 2004 - 12:05:44 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:46 UTC