From owner-freebsd-security  Thu Oct 18  4:50:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from tao.org.uk (genius.tao.org.uk [212.135.162.51])
	by hub.freebsd.org (Postfix) with ESMTP id E6C5B37B407
	for <freebsd-security@FreeBSD.ORG>; Thu, 18 Oct 2001 04:50:26 -0700 (PDT)
Received: by tao.org.uk (Postfix, from userid 100)
	id 801B893; Thu, 18 Oct 2001 12:50:03 +0100 (BST)
Date: Thu, 18 Oct 2001 12:50:03 +0100
From: Josef Karthauser <joe@tao.org.uk>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: cjclark@alum.mit.edu, Drew Tomlinson <drew@mykitchentable.net>,
	Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG
Subject: Re: Dynamic IPFW Rules
Message-ID: <20011018125003.B29670@tao.org.uk>
Mail-Followup-To: Josef Karthauser <joe@tao.org.uk>,
	Dag-Erling Smorgrav <des@ofug.org>, cjclark@alum.mit.edu,
	Drew Tomlinson <drew@mykitchentable.net>, Mark.Andrews@isc.org,
	freebsd-security@FreeBSD.ORG
References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org> <xzpitddffz9.fsf@flood.ping.uio.no> <20011018031427.B3298@blossom.cjclark.org> <xzpelo1fbgx.fsf@flood.ping.uio.no>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="24zk1gE8NUlDmwG9"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <xzpelo1fbgx.fsf@flood.ping.uio.no>; from des@ofug.org on Thu, Oct 18, 2001 at 01:12:46PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--24zk1gE8NUlDmwG9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 18, 2001 at 01:12:46PM +0200, Dag-Erling Smorgrav wrote:
> "Crist J. Clark" <cristjc@earthlink.net> writes:
> > Yeah. I said I would do that (what was I thinking?), but I was waiting
> > on Luigi to finish his updates in -CURRENT and MFCs.
>=20
> You can merge up to rev 1.109 if you also merge the kernel changes
> that correspond to rev 1.90.  They've been in -CURRENT long enough.
> The only problem is that this will break binary compatibility because
> struct ipfw has changed, and good luck trying to skip rev 1.90 -
> you'll get nothing but conflicts.

I'd be interested in taking a look at doing this if no other
committers have time.  I rely quite heavilily on ipfw on -stable,
and have already hacked in the change that supressed the timed out
dynamic rules from the 'ipfw show' output.

Or is someone else working on this already?  I don't want to tread on
anyone's toes.

Joe

--24zk1gE8NUlDmwG9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvOwesACgkQXVIcjOaxUBYR9gCg7xOP+yCdrmNRGkxD7B/ehDIN
8YAAnjTwzm5UuEcoF3Bpx5J76T5K3891
=BcPx
-----END PGP SIGNATURE-----

--24zk1gE8NUlDmwG9--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message