Date: Thu, 13 Dec 2001 01:13:00 +0100
From: Sebastien Petit <spe@bsdfr.org>
To: Sam Tannous <stannous@cisco.com>, rizzo@aciri.org
Cc: net@freebsd.org
Subject: Re: Ethernet Firewall for FreeBSD-4.4
Message-ID: <20011212231410.A996DBA85@sbserv0.intra.selectbourse.net>
In-Reply-To: <20011212173538.N28904@cisco.com>
References: <20011203211222.DA4386ACF@vega.bsdshell.net> <20011212173538.N28904@cisco.com>

On Wednesday 12 December 2001 23:35, Sam Tannous wrote:
> I've downloaded the ethfw patches (v1.2) and they work fine
> on my 4.4 system. One other good reason to add ethfw
> to the existing ipfw code (and this is purely subjective)
> is that it would look more like ipfw:
>
> 00100 27 1144 allow ip from any to any
>
> looks nicer than
>
> [ 50] REJ VLAN ANY -> ANY < in/out all
>
>
> (I really miss having the little counters too.)
>

Accounting and other features are for the next release of ethfw.

> On a more practical level, the configs, code,
> man pages, logs, etc....would all be in one place.
> They really belong together...perhaps change the name to
> simply "fw" ;-)

My point of view is the same as Luigi's and yours. Luigi is very busy for the moment due to the polling code vs interrupts, but he says that we can do this job current January probably. A unified interface is the best solution and I hope this can be done; this comment is perhaps applicable to ip6fw too.

>
> (I do a lot of work in protocol emulation/testing
> that uses divert and dummynet. I would be spending
> way too much money on test gear if I didn't have these)

Yes, you're right.

On Mon, Dec 03, 2001 at 10:06:35PM +0100, Sebastien Petit wrote:
> On Monday 03 December 2001 21:28, Luigi Rizzo wrote:
> > Sebastien,
> > this is a personal point of view, and I know that people think
> > differently, but I believe it would be a lot more interesting if
> > you would design ethfw as an add-on for ipfw as opposed to a separate
> > thing. Not only it would remove some replication from the code (all
> > [sg]etsockopt, basically), but would also make its adoption easier
> > to people who already use ipfw. In fact, a very preliminary
> > incarnation of ethernet matching was already in ipfw some time ago.
> >
> > I am a strong supporter of a unified interface for
> > firewall functions.
> > Luigi,

Regards,
Sebastien.
--
The HUT Project
http://www.bsdshell.net/
spe@bsdfr.org