Hello list!

This patch adds a 'firewall' protocol permitting prefixes announced to this protocol to be put in a configured firewall table with an optional value.

Supported firewalls: IPFW, PF, *
Optional value support: IPFW, *

Sample configuration:

    protocol bgp {
        ..
        import filter {
            fw_value = 42;
            accept;
        }   # Set firewall optional value for each prefix
    }

    protocol firewall {
        fwtype ipfw;
        fwtable "2";
        export all;
        flush always;   # do flush both on startup and shutdown
    };

Tested on FreeBSD 8.X; PF should work on Open/NetBSD, too.

[*] I can add support for ipset on demand. However, I can't understand how it can be [effectively] used without some kind of radix/rbtree backend (according to docs).

P.S. This can be thought of as a first step toward an implementation of BGP FlowSpec (RFC 5575).