From owner-freebsd-net Mon Dec 3 12:28:32 2001 Delivered-To: freebsd-net@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id D042437B417 for ; Mon, 3 Dec 2001 12:28:30 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.3/8.11.1) id fB3KSMJ01520; Mon, 3 Dec 2001 12:28:22 -0800 (PST) (envelope-from rizzo) Date: Mon, 3 Dec 2001 12:28:22 -0800 From: Luigi Rizzo To: Sebastien Petit Cc: net@FreeBSD.ORG Subject: Re: Ethernet Firewall for FreeBSD-4.4 Message-ID: <20011203122822.A1026@iguana.aciri.org> References: <3c0a018d3c51165c@mahonia.wanadoo.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3c0a018d3c51165c@mahonia.wanadoo.fr> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sebastien, this is a personal point of view, and I know that people think differently, but I believe it would be a lot more interesting if you would design ethfw as an add-on for ipfw as opposed to a separate thing. Not only it would remove some replication from the code (all [sg]etsockopt, basically), but would also make its adoption easier to people who already use ipfw. In fact, a very preliminary incarnation of ethernet matching was already in ipfw some time ago. I am a strong supporter of a unified interface for firewall functions. cheers luigi On Sun, Dec 02, 2001 at 11:25:44AM +0100, Sebastien Petit wrote: > Hi, > > I just release a new patch file for implementing an Ethernet Firewall under > FreeBSD. the tar.gz distro come with a patch for 4.4 kernels, an utility > ethfw to control rules and a man page. Is there a possibility to implement > this patch (based on Luigi Rizzo ipfw code) on the FreeBSD /usr/src/sys tree ? > you can download the distro at : > http://conan.lip6.fr/~spe/download/ethfw-1.1-freebsd-4.4.tar.gz > > There is a Load Balancer with divert sockets too (don't work yet with SSL and > UDP) and a VRRP daemon on this url too. > > Regards, > Sebastien Petit > -- > spe@bsdfr.org > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message