diff options
| author | phk <phk@FreeBSD.org> | 1996-02-24 00:17:35 +0000 |
|---|---|---|
| committer | phk <phk@FreeBSD.org> | 1996-02-24 00:17:35 +0000 |
| commit | 91b3fcc1e2c982b1e7cb98c1dc637495fef116d9 (patch) | |
| tree | 05bf7daa0a77807e1bd278ae2df19f9d46f65caf /sys/netinet/ip_fw.h | |
| parent | 76dbdac3af61758727869feeb30190ad67da1338 (diff) | |
| download | FreeBSD-src-91b3fcc1e2c982b1e7cb98c1dc637495fef116d9.zip FreeBSD-src-91b3fcc1e2c982b1e7cb98c1dc637495fef116d9.tar.gz | |
The new firewall functionality:
Filter on the direction (in/out).
Filter on fragment/not fragment.
Diffstat (limited to 'sys/netinet/ip_fw.h')
| -rw-r--r-- | sys/netinet/ip_fw.h | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 3a2962f..f39688c 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -11,7 +11,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.h,v 1.11.4.2 1996/02/23 15:26:05 phk Exp $ + * $Id: ip_fw.h,v 1.15 1996/02/23 15:47:52 phk Exp $ */ /* @@ -66,21 +66,27 @@ struct ip_fw_chain { #define IP_FW_F_ICMP 0x003 /* This is a ICMP packet rule */ #define IP_FW_F_KIND 0x003 /* Mask to isolate rule kind */ -#define IP_FW_F_ACCEPT 0x004 /* This is an accept rule */ -#define IP_FW_F_PRN 0x008 /* Print if this rule matches */ -#define IP_FW_F_ICMPRPL 0x010 /* Send back icmp unreachable packet */ +#define IP_FW_F_IN 0x004 /* Inbound */ +#define IP_FW_F_OUT 0x008 /* Outboun */ + +#define IP_FW_F_ACCEPT 0x010 /* This is an accept rule */ +#define IP_FW_F_COUNT 0x020 /* This is an accept rule */ +#define IP_FW_F_PRN 0x040 /* Print if this rule matches */ +#define IP_FW_F_ICMPRPL 0x080 /* Send back icmp unreachable packet */ -#define IP_FW_F_SRNG 0x020 /* The first two src ports are a min * +#define IP_FW_F_SRNG 0x100 /* The first two src ports are a min * * and max range (stored in host byte * * order). */ -#define IP_FW_F_DRNG 0x040 /* The first two dst ports are a min * +#define IP_FW_F_DRNG 0x200 /* The first two dst ports are a min * * and max range (stored in host byte * * order). */ -#define IP_FW_F_IFNAME 0x080 /* Use interface name/unit (not IP) */ +#define IP_FW_F_IFNAME 0x400 /* Use interface name/unit (not IP) */ + +#define IP_FW_F_FRAG 0x800 /* Fragment */ -#define IP_FW_F_MASK 0x0FF /* All possible flag bits mask */ +#define IP_FW_F_MASK 0xFFF /* All possible flag bits mask */ /* * Definitions for IP option names. @@ -96,7 +102,7 @@ struct ip_fw_chain { #define IP_FW_TCPF_FIN TH_FIN #define IP_FW_TCPF_SYN TH_SYN #define IP_FW_TCPF_RST TH_RST -#define IP_FW_TCPF_PUSH TH_PUSH +#define IP_FW_TCPF_PSH TH_PUSH #define IP_FW_TCPF_ACK TH_ACK #define IP_FW_TCPF_URG TH_URG |
