forked from ofalk/libdnet
-
Notifications
You must be signed in to change notification settings - Fork 2
/
TODO
45 lines (31 loc) · 1.48 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
ipfw2 on FreeBSD 11.X/12.X/HEAD
optimize port wildcard rules for each firewall type - e.g. using ipf
FR_NONE, pf PF_OP_NONE, etc.
audit addr_ntos() for non-zero'd host bits
make *_loop() prevent modification within loop, or modify only
post-iteration
prefix everything with dnet_*, maybe new API with common dnet_t handle?
more documentation and example code
add a way to enable ip forwarding?
finish IPv6 support everywhere (fw, route, ip6 etc.)
NAT, ipsec interface?
maybe Checkpoint FW-1 support, via OPSEC (hrr)
--------+------+-----+-----+----+----+------+-------+-----+
| addr | arp | eth | fw | ip | intf | route | tun |
--------+------+-----+-----+----+----+------+-------+-----+
openbsd | | | | | | | | |
--------+------+-----+-----+----+----+------+-------+-----+
freebsd | | | | 1 | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
netbsd | | | | | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
macosx | | | | | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
= works, tested 1 = ipfw support, but no ipfw2
? = untested
- = unimplemented
eth_send() doesn't allow src mac spoofing on MacOS X (no
BIOCSHDRCMPLT) without patch (http://slagheap.net/etherspoof/),
also b0rked on BSD/OS, says markus. not possible on Tru64?
no support for ICMP code in ipfw, therefore none in fw-ipfw.c
$Id$