author | darrenr <darrenr@FreeBSD.org> | 2005-04-25 17:40:37 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2005-04-25 17:40:37 +0000 |
commit | bf14e64afe4f81f662485a23c288ae2cdb3646d2 (patch) | |
tree | bf434ce9c5e622818240e097f083b32feb85d14e /contrib/ipfilter/todo | |
parent | d438802dcb3e270d6fcc65f075c808c64853a7c2 (diff) | |
these files should never have been imported...they are junk
Diffstat (limited to 'contrib/ipfilter/todo')
-rw-r--r-- | contrib/ipfilter/todo | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/contrib/ipfilter/todo b/contrib/ipfilter/todo deleted file mode 100644 index 5b2c059..0000000 --- a/contrib/ipfilter/todo +++ /dev/null 
@@ -1,98 +0,0 @@ -BUGS: ------ -* fix "to <ifname>" bug on FreeBSD 2.2.8 -fastroute works - -=============================================================================== -GENERAL: --------- - -* support redirection like "rdr tun0 0/32 port 80 ..." - -* use fr_tcpstate() with NAT code for increased NAT usage security or even - fr_checkstate() - suspect this is not possible. - -* add another alias for <thishost> for interfaces <thisif>? as well as - all IP#'s associated with the box <myaddrs>? - -time permitting: - -* load balancing across interfaces - -* record buffering for TCP/UDP - -* modular application proxying --done - -* allow multiple ip addresses in a source route list for ipsend - -* port IP Filter to Linux -Not in this century. - -* document bimap - -* document NAT rule order processing - -* add more docs -in progress - -3.4: -XDDD. I agree. Bandwidth Shapping and QoS (Quality of Service, AKA -traffic priorization) should be *TOP* in the TO DO list. - -* Bandwidth limiting!!! -maybe for solaris, otherwise "ALTQ" -* More examples -* More documentation -* Load balancing features added to the NAT code, so that I can have -something coming in for 20.20.20.20:80 and it gets shuffled around between -internal addresses 10.10.10.1:8000 and 10.10.10.2:8000. or whatever. -- done, stage 1 (round robin/split) -The one thing that Cisco's PIX has on IPF that I can see is that -rewrites the sequence numbers with semi-random ones. -- done - -I would also love to see a more extensive NAT. It can choose to do -rdr and map based on saddr, daddr, sport and dport. (Does the kernel -module already have functionality for that and it just needs support in -the userland ipnat?) --sort of done - - * intrusion detection - detection of port scans - detection of multiple connection attempts - - * support for multiple log files - i.e. 
all connections to ftp and telnet logged to - a seperate log file - - * multiple levels of log severity with E-mail notification - of intrusion alerts or other high priority errors - - * poison pill facility - after detection of a port scan, start sending back - large packets of garbage or other packets to - otherwise confuse the intruder (ping of death?) - -IPv6: ------ -* NAT is yet not available, either as a null proxy or address translation - -BSD: -* "to <if>" and "to <if>:<ip>" are not supported, but "fastroute" is. - -Solaris: -* "to <if>:<ip>" is not supported, but "fastroute" is and "to <if>" are. - -Tru64: ------- -* IPv6 checksum calculation for RST's and ICMP packets is not done (there - are routines in the Tru64 kernel to do this but what is the interface?) - -does bimap allow equal sized subnets? - -make return-icmp 'intelligent' if no type is given about what type to use? - -reply-to - enforce packets to pass through interfaces in particular -combinations - opposite to "to", set reverse path interface - |
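Review bot: The platform sections at the end of the removed file (IPv6, BSD, Solaris, Tru64) read as current limitations rather than wish-list items, for example "NAT is yet not available" under IPv6 and "to <if>" and "to <if>:<ip>" not being supported on BSD, so deleting the file wholesale removes those statements along with the stale to-do entries. Please confirm these limitations are documented somewhere that stays in the tree, or say in the commit message where they live. The message also says "these files" while the diffstat shown here is limited to contrib/ipfilter/todo, so naming the set of files being removed and why they count as junk would make the change easier to audit later.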