1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
ipfw2 on FreeBSD/5 (5.1 has pf)
optimize port wildcard rules for each firewall type - e.g. using ipf
FR_NONE, pf PF_OP_NONE, etc.
ipchains sleazy exec
audit addr_ntos() for non-zero'd host bits
make *_loop() prevent modification within loop, or modify only
post-iteration
prefix everything with dnet_*, maybe new API with common dnet_t handle?
more documentation and example code
ip-cooked.c: use RTM_RESOLVE for ip_lookup_mac() (GetBestInterface()?)
add a way to enable ip forwarding?
finish IPv6 support everywhere (fw, route, ip6, win32, etc.)
reimplement win32 fw (lost with laptop hd crash!@#$%)
NAT, ipsec interface?
maybe Checkpoint FW-1 support, via OPSEC (hrr)
--------+------+-----+-----+----+----+------+-------+-----+
| addr | arp | eth | fw | ip | intf | route | tun |
--------+------+-----+-----+----+----+------+-------+-----+
openbsd | | | | | | | | |
--------+------+-----+-----+----+----+------+-------+-----+
freebsd | | | | 1 | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
netbsd | | | | | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
linux | | | | | | | | |
--------+------+-----+-----+----+----+------+-------+-----+
solaris | | | | 7 | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
macosx | | | | | | | | ? |
--------+------+-----+-----+----+----+------+-------+-----+
irix | | | | 7 | | | | - |
--------+------+-----+-----+----+----+------+-------+-----+
bsdi | | | | 7 | | | | - |
--------+------+-----+-----+----+----+------+-------+-----+
tru64 | | | | 7 | | | | - |
--------+------+-----+-----+----+----+------+-------+-----+
hp-ux | | | | 7 | | 3 | | - |
--------+------+-----+-----+----+----+------+-------+-----+
win32 | | | | | | 3 | | - |
--------+------+-----+-----+----+----+------+-------+-----+
unixware| | - | 2 | - | - | | 4 | - |
--------+------+-----+-----+----+----+------+-------+-----+
aix | | 5 | - | - | - | | 6 | - |
--------+------+-----+-----+----+----+------+-------+-----+
= works, tested 1 = ipfw support, but no ipfw2
? = untested 2 = eth_send doesn't work
- = unimplemented 3 = intf_set doesn't work
4 = route_loop only works
5 = arp_show doesn't work
6 = route_loop doesn't work
7 = IP Filter should work, but untested
arp-{bsd,ioctl} both b0rked on unixware
eth_send() doesn't allow src mac spoofing on MacOS X (no
BIOCSHDRCMPLT) without patch (http://slagheap.net/etherspoof/),
also b0rked on BSD/OS, says markus. not possible on Tru64?
no support for ICMP code in ipfw, therefore none in fw-ipfw.c
need reliable, legit HP-UX, Unixware, and AIX accounts with root
access to finish the ports to those platforms. i'd be happy to port to
other platforms also, given similar (temporary) access.
$Id: TODO 582 2005-02-14 21:56:59Z dugsong $
|
