Hello Vadim,

I read the messages and the man page but did not understand. Maybe it is my lack of knowledge regarding netgraph? Well, in the man page it seems that you looked at the ipfw source code (.h in fact) to find out the tag number. Can you explain this?

A practical example: how could I, for example, block Kazaa or BitTorrent based on L7 with ng_tag? Can you please explain the steps on how to do this? I don't run -CURRENT but I need this kind of feature very much, so I am downloading a 7.0 snapshot just to test this with ipfw tag.

How does this address the problem of system-level L7 filtering? I always thought that someone would show up with a userland application that tags packets and returns the tag to ipfw filtering, but you came up with a kernel approach. How much better is it, and why, when compared to evil regexp evaluation in the kernel, or how efficient is this when compared to Linux L7, which is known to fail a lot (let a number of packets pass)?

Sorry for all those questions, but I am an average end user, so I cannot understand it myself only by reading the code.

Thank you for your work and help. It seems that I will have a 7.0 snapshot doing this job for me until the ipfw tag MFC happens, if I can understand this approach.

Received on Sun Jun 11 2006 - 21:02:39 UTC