Date: Thu, 4 Dec 2003 17:50:36 +0100 From: Devon H.O'Dell <dodell@sitetronics.com> To: Robert Watson <rwatson@freebsd.org> Cc: freebsd-hackers@freebsd.org Subject: Re: IPFW and the IP stack Message-ID: <FBEE0A3E-2679-11D8-B8AD-000502C708CB@sitetronics.com> In-Reply-To: <Pine.NEB.3.96L.1031204112630.84430E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, December 4, 2003, at 05:28 PM, Robert Watson wrote: > > On Thu, 4 Dec 2003, Devon H.O'Dell wrote: > >> This is obviously the most logical explanation. There's a good bit of >> questioning for PFIL_HOOKS to be enabled in generic to allow ipf to be >> loaded as a module as well. If this is the case, we'll have two >> firewalls that have their hooks compiled in by default allowing for >> them >> both to be loaded as modules. (Is this still scheduled for 5.2?) >> >> But at this point, there's no way to allow one to turn the IPFW hooks >> *off*. Is there a reason for this? >> >> Would it be beneficial (or possible) to hook ipfw into pfil(9)? This >> way, we could allow the modules to be loaded by default for both and >> also allow for the total absence of both in the kernel. Sorry if I've >> missed discussions on this and am being redundant. > > Sam Leffler has done a substantial amount of work to push all of the > various "hacks"" (features?) behind PFIL_HOOKS, and I anticipate we'll > ship PFIL_HOOKS enabled in GENERIC in 5.3 and use it to plug in most of > these services. This also means packages like IPFilter and PF will > work > "out of the box" without a kernel recompile, not to mention offering > substantial architectural cleanup. > > Robert N M Watson FreeBSD Core Team, TrustedBSD Projects > robert@fledge.watson.org Senior Research Scientist, McAfee > Research This is great news and definitely something I am interesting in contributing to. Sam: how can I help with this? Kind regards, Devon H. O'Dell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FBEE0A3E-2679-11D8-B8AD-000502C708CB>