branch ipfilter

[rzo]

hello,

yes, reverse dns may take longer, but this is done only once, i  
therefore assume that this should not be an issue.

concerning open/connected: my implementation is currently only for the 
server side. if the implementation is also for
client side, then we could maybe consider having incoming and outgoing 
rules, or incoming/outgoing handlers, as in linux ipfilter.

If Frederic agrees I would love to work on this together with him, since 
I need it for my project.

Question to Frederic: I need to allow only localhost. localhost may have 
multiple ip addresses, which I do no know in advance.
How can this be implemented with CIDR notation ?

This raises for me another general question: what to do once the 
decision is taken to allow a connection.

I see the following alternatives:

1. add an attachement (as Frederic)
2. have a boolean attribute (as my implementation)
3. remove the handler from the pipeline.

this is a general question which is valid not just for ip filter but for 
other types of handlers.

-- Ron