From owner-freebsd-net  Wed Mar 28  7:42:37 2001
Delivered-To: freebsd-net@freebsd.org
Received: from net.tamu.edu (net.tamu.edu [128.194.177.50])
	by hub.freebsd.org (Postfix) with ESMTP id 8CEA637B718
	for <freebsd-net@FreeBSD.ORG>; Wed, 28 Mar 2001 07:42:35 -0800 (PST)
	(envelope-from daved@net.tamu.edu)
Received: by net.tamu.edu (Postfix, from userid 157)
	id EF25715891; Wed, 28 Mar 2001 09:42:34 -0600 (CST)
Date: Wed, 28 Mar 2001 09:42:34 -0600
From: Dave Duchscher <daved@tamu.edu>
To: Julian Elischer <julian@elischer.org>
Cc: Luigi Rizzo <luigi@info.iet.unipi.it>,
	Archie Cobbs <archie@dellroad.org>, Peter.Blok@inter.NL.net,
	freebsd-net@FreeBSD.ORG
Subject: Re: netgraph ng_bridge and ipfilter
Message-ID: <20010328094234.D1325@net.tamu.edu>
References: <200103270656.IAA78972@info.iet.unipi.it> <3AC0CCC3.F7DD8133@elischer.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3AC0CCC3.F7DD8133@elischer.org>; from julian@elischer.org on Tue, Mar 27, 2001 at 09:24:19AM -0800
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 27, 2001 at 09:24:19AM -0800, Julian Elischer wrote:
> > in this case, this person seemed to _need_ the interaction in
> > order to have a bridging firewall
>
>
> that would be a brouter and not a bridge..Filering on IP at link layer..
> yuck.

I would call it a packet filter style Firewall and they have been
around for a while now.  No, I don't see them as bad.  They have their
uses just like any technology.  In fact, if I ever get the time (not
likely), I was thinking of researching converting our packet filtering
firewall (Drawbridge) to a netgraph node.

DaveD

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message