1. 19 Oct, 2004 1 commit
  2. 08 Oct, 2004 1 commit
    • Mike Hibler's avatar
      Initial steps toward a hardware-assisted (switch VLAN) firewall implementation. · 0527441a
      Mike Hibler authored
      This checkin adds the necessary NS and client-side changes.
      
      You get such a firewall by creating a firewall object and doing:
      
      	$fw set-type ipfw2-vlan
      
      In addition to the usual firewall setup, it sets the firewall node command
      line to boot "/kernel.fw" which is an IPFW2-enabled kernel with a custom
      bridge hack.
      
      The client-side setup for firewalled nodes is easy: do nothing.
      
      The client-side setup for the firewall is more involved, using vlan devices
      and bridging and all sorts of geeky magic.
      
      Note finally that I don't yet have a decent set of default rules for anything
      other than a completely open firewall.  The rules might be slightly different
      than for the "software" firewall since they are applied at layer2 (and we want
      them just to be applied at layer2 and not multiple times)
      0527441a
  3. 29 Sep, 2004 1 commit
  4. 25 Aug, 2004 1 commit