Date: Wed, 6 Mar 2024 17:48:05 +0100
From: "Peter 'PMc' Much" <pmc@citylink.dinoex.sub.org>
To: hackers@freebsd.org
Cc: allezvicki@gmail.com, jrm@freebsd.org, allanjude@freebsd.org
Subject: Re: Fwd: GSOC Network Configuration Libraries
Message-ID: <ZeieRciRl0CRbocO@disp.intra.daemon.contact>
In-Reply-To: <CAAfv0379jOZw5sNieauW8TZ%2B_6=g0gfq6h8S_esdsts3eg26OA@mail.gmail.com>

Hi,

I had noticed that project suggestion by Allan Jude. This is an interesting matter, as, in fact, ipfw lacks some kind of higher level interface to configure it.

I was confronted with this lack of tooling a few years ago when I moved my jails to VIMAGE, and I noticed that combining NAT functionality with stateful rule behaviour (and possibly other features like packet forwarding) brings along a couple of gotchas - it is not really trivial; and also, many of the examples circling on the net were (are?) kinda sub-optimal.

Finally I decided to just write the necessary code. However, I chose the approach that appeared most feasible to me (for my needs, obviously) which happened to be not a library, but a freestanding web-application. Also I decided to do a full solution that can handle any number of interconnected interfaces and networks, and insert any number of filters into any flow (where filters could be NAT, suricata, NPTv6, or whatever); so this is not (only) for a laptop.

Then, I asked around if anybody would be interested in the matter, and found low interest in ipfw in general, and no interest at all in GUI tools (GUI is apparently un-Berkeley). Consequently I didn't bother to write documentation, or think about a license to publish the material (because why should I throw stuff after people who aren't interested?)

Anyway, you might be interested in issues like this PR 269770, and there are also a few kernel patches I needed, but these are mostly for IPv6 tunneling and hot reloading.

cheerio,
PMc

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZeieRciRl0CRbocO>