[Cerowrt-devel] BCP38 implementation
toke at toke.dk
Thu Mar 20 14:14:29 EDT 2014
On 20 March 2014 18:38:17 CET, Dave Taht <dave.taht at gmail.com> wrote:
> I have tested this, made one small modification, and it will be in
> cerowrt-3.10.32-12 and on by default. Nice work!
> One possible problem with pushing this up to openwrt is that arguably
> it needs to apply this to the "wan" abstraction in the firewall rules
> rather than a specific interface, and hook into that chain instead.
> (on the other hand, using an actual interface is also good)
Well, having the configuration option be for a firewall zone rather than an interface shouldn't be that difficult. More of a policy question of how to handle upstream detection etc for potentially multiple interfaces. But then I suppose having the option of adding the filter to multiple interfaces might be useful too...
Either way, I can look into it at some later date if it becomes an issue. :)
> The ipset facility has great potential for other uses, for example:
Yeah, it seems to be pretty cool. How is it related to nftables?
More information about the Cerowrt-devel