Call for testing: firewall protocol support

Alexander V. Chernikov melifaro at ipfw.ru
Sun Dec 11 14:25:08 CET 2011



Hello list!

This patch adds a 'firewall' protocol, permitting prefixes announced to
this protocol to be put in a configured firewall table with an optional value.

Supported firewalls: IPFW, PF, *
Optional value support: IPFW, *

Sample configuration:

protocol bgp {
	..
	import filter { fw_value = 42; accept; } # Set firewall optional value for each prefix
}

protocol firewall {
        fwtype ipfw;
        fwtable "2";
        export all;
        flush always; # do flush both on startup and shutdown
};

Tested on FreeBSD 8.X; PF should work on Open/NetBSD, too.

[*] I can add support for ipset on demand. However, I can't understand
how it can be [effectively] used without some kind of radix/rbtree
backend (according to the docs).

P.S.
This can be thought of as a first step toward implementing BGP FlowSpec (RFC 5575).
-------------- next part --------------
Name: 0001-Add-firewall-protocol.patch
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20111211/b803c014/attachment.ksh>
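
A Python model of the table synchronisation described in this message, added here as an illustration and not taken from the attached patch: it compares the prefixes exported to the table (each with its fw_value) against the output of `ipfw table 2 list` and returns the `ipfw table` commands that would bring the table in line, which also serves as a drift check. Function names and sample data are constructed; the "prefix/len value" list format and the delete-then-add replacement of a changed value are assumptions.

```python
import ipaddress

# Constructed sample of `ipfw table 2 list` output (assumed format: "prefix/len value").
SAMPLE_LIST = """\
192.0.2.0/24 42
198.51.100.0/24 7
203.0.113.5/32 42
"""

# Constructed sample of routes exported to the table: prefix -> fw_value.
SAMPLE_ROUTES = {"192.0.2.0/24": 42, "198.51.100.0/24": 42, "203.0.113.128/25": 42}


def parse_table_list(text):
    """Parse table list output into {network: value}; a missing value counts as 0."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        net = ipaddress.ip_network(fields[0], strict=False)
        entries[net] = int(fields[1]) if len(fields) > 1 else 0
    return entries


def normalise(routes):
    """Turn {"prefix/len": value} into {network: value} so both sides compare equal."""
    return {ipaddress.ip_network(p, strict=False): int(v) for p, v in routes.items()}


def reconcile(table, desired, current):
    """Return the ipfw commands that turn the `current` table into `desired`."""
    cmds = []
    # Entries no longer announced are stale and must leave the table.
    for net in sorted(current.keys() - desired.keys(), key=str):
        cmds.append(f"ipfw table {table} delete {net}")
    for net, value in sorted(desired.items(), key=lambda kv: str(kv[0])):
        if net not in current:
            cmds.append(f"ipfw table {table} add {net} {value}")
        elif current[net] != value:
            # Assumption: adding an existing key fails, so replace it explicitly.
            cmds.append(f"ipfw table {table} delete {net}")
            cmds.append(f"ipfw table {table} add {net} {value}")
    return cmds


if __name__ == "__main__":
    for cmd in reconcile("2", normalise(SAMPLE_ROUTES), parse_table_list(SAMPLE_LIST)):
        print(cmd)
```

An empty result means the firewall table already matches what was exported.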

