Date: Mon, 3 Dec 2001 12:28:22 -0800 From: Luigi Rizzo <rizzo@aciri.org> To: Sebastien Petit <spe@bsdfr.org> Cc: net@FreeBSD.ORG Subject: Re: Ethernet Firewall for FreeBSD-4.4 Message-ID: <20011203122822.A1026@iguana.aciri.org> In-Reply-To: <3c0a018d3c51165c@mahonia.wanadoo.fr> References: <3c0a018d3c51165c@mahonia.wanadoo.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Sebastien, this is a personal point of view, and I know that people think differently, but I believe it would be a lot more interesting if you would design ethfw as an add-on for ipfw as opposed to a separate thing. Not only it would remove some replication from the code (all [sg]etsockopt, basically), but would also make its adoption easier to people who already use ipfw. In fact, a very preliminary incarnation of ethernet matching was already in ipfw some time ago. I am a strong supporter of a unified interface for firewall functions. cheers luigi On Sun, Dec 02, 2001 at 11:25:44AM +0100, Sebastien Petit wrote: > Hi, > > I just release a new patch file for implementing an Ethernet Firewall under > FreeBSD. the tar.gz distro come with a patch for 4.4 kernels, an utility > ethfw to control rules and a man page. Is there a possibility to implement > this patch (based on Luigi Rizzo ipfw code) on the FreeBSD /usr/src/sys tree ? > you can download the distro at : > http://conan.lip6.fr/~spe/download/ethfw-1.1-freebsd-4.4.tar.gz > > There is a Load Balancer with divert sockets too (don't work yet with SSL and > UDP) and a VRRP daemon on this url too. > > Regards, > Sebastien Petit > -- > spe@bsdfr.org > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011203122822.A1026>