From: Dave Taht <dave.taht@gmail.com>
To: Outback Dingo <outbackdingo@gmail.com>
Cc: codel@lists.bufferbloat.net, Sebastian Moeller <moeller0@gmx.de>,
cerowrt-devel@lists.bufferbloat.net,
bloat <bloat@lists.bufferbloat.net>
Subject: Re: [Codel] [Cerowrt-devel] preliminary codel and fq_codel support for cerowrt
Date: Wed, 16 May 2012 10:52:16 -0700
Message-ID: <CAA93jw5RJLh4m-w63kaaY-9T9quXVFbZebV=-6G7YOkuBqtCyw@mail.gmail.com>
In-Reply-To: <CAKYr3zxKOg52FAqSr-7rdUK15iUyw58u83wZLxxbkKSCOzNz4Q@mail.gmail.com>
The problem with most home router firewalls today is that they have a strict
"us" vs "them" concept in them, and are closely tied to what can be
NATed, or not, which limits our internet to tcp and udp.
Recently the concept of 'guest' has been added to many devices,
which doesn't work particularly well.
A problem with "us vs them" and extending this sort of thinking
to ipv6, is that interesting new protocols such as
sctp, hip, rdp, dccp, rsvp, esp, gre, ah, skip, ospf, vrrp, isis, manet, shim6,
wesp, and rohc...
are all blocked by default in ipv6, too.
It doesn't need to be this way.
I have hated living in a world of purely tcp on port 80 and 443.
Seeing udp begin to fail in multiple respects - such as dns, dhcp, voice, etc
really bothers me.
So cerowall attempted (I've never finished it) to use pattern matching
in iptables, and device renaming, to make it possible to have a nearly
default free zone (DFZ) for guests, and use a bare minimum of rules,
to pass through...
and the core idea was also to be able to pass ALL protocols everywhere,
under ipv6.
The current openwrt firewall solution scales O(n) where n = the number
of interfaces;
the cerowall idea scales O(n) where n = the number of different zones.
Firewalling is responsible for a minimum of 11% of the current runtime,
with the current firewall rules, with 6 interfaces in play.
CeroWall did a lot better, while opening up new vistas to play in.
--
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
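An added illustration of the scaling point in the message above; it is not cerowall's ruleset (which does not appear on this page) and was not written by the author. It assumes hypothetical interface names (sec0, gst0, wan0, ...) whose prefix encodes the zone after renaming, and uses the trailing `+` interface wildcard of iptables/ip6tables to compare rule counts per interface and per zone.

```shell
#!/bin/sh
# Constructed inventory: after renaming, the name prefix encodes the zone.
# All interface names here are hypothetical.
INSIDE_IFACES="sec0 sec1 sec2 gst0 gst1"
INSIDE_ZONES="sec+ gst+"      # '+' is the iptables interface-name wildcard
WAN="wan0"

# Emulates iptables -i/-o matching: a trailing '+' matches any name
# that starts with the given prefix, otherwise the match is exact.
iface_matches() {   # $1 = pattern, $2 = interface name
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Emits one rule per name given. There is no -p option, so the rule
# matches every IPv6 protocol, not only tcp and udp.
forward_rules() {   # $@ = interface names or patterns
    for i in "$@"; do
        echo "ip6tables -A FORWARD -i $i -o $WAN -j ACCEPT"
    done
}

# Lists inventory interfaces that no zone pattern covers (ideally none).
uncovered() {
    for i in $INSIDE_IFACES; do
        hit=0
        for z in $INSIDE_ZONES; do
            if iface_matches "$z" "$i"; then hit=1; fi
        done
        [ "$hit" -eq 1 ] || echo "$i"
    done
}

echo "# one rule per interface:"; forward_rules $INSIDE_IFACES
echo "# one rule per zone:";      forward_rules $INSIDE_ZONES
echo "# interfaces not covered by a zone pattern: $(uncovered)"
```

Adding another interface to an existing zone lengthens the first list but leaves the second unchanged, provided the new name carries the zone prefix.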