From owner-freebsd-net@FreeBSD.ORG  Tue Apr 16 09:13:20 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id B7AF43E3
 for <net@freebsd.org>; Tue, 16 Apr 2013 09:13:20 +0000 (UTC)
 (envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
 by mx1.freebsd.org (Postfix) with ESMTP id 303A5D85
 for <net@freebsd.org>; Tue, 16 Apr 2013 09:13:20 +0000 (UTC)
Received: (qmail 17057 invoked from network); 16 Apr 2013 10:19:25 -0000
Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2])
 (envelope-sender <andre@freebsd.org>)
 by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
 for <Cy.Schubert@komquats.com>; 16 Apr 2013 10:19:25 -0000
Message-ID: <516D161E.9010701@freebsd.org>
Date: Tue, 16 Apr 2013 11:13:02 +0200
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Cy Schubert <Cy.Schubert@komquats.com>
Subject: Re: ipfilter(4) needs maintainer
References: <201304151748.r3FHmhC3002734@slippy.cwsent.com>
In-Reply-To: <201304151748.r3FHmhC3002734@slippy.cwsent.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "current@freebsd.org" <current@freebsd.org>,
 "net@freebsd.org" <net@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2013 09:13:20 -0000

On 15.04.2013 19:48, Cy Schubert wrote:
> I did consider a port but given it would has to touch bits and pieces of
> the source tree (/usr/src), a port would be messy and the decision was made
> to work on importing it into base.

Actually it shouldn't touch many if any pieces of src/sys.  Everything should
happen via sorta published API's the other firewall packages use as well.
Most important pfil hooks.  The hardest part probably is to get the locking
right.

Please run changes to src/sys/net* through glebius@ and me (andre@) first
before committing.  In most, if not all cases, it is possible to find a
generic way of doing things or to standardize on a common one for all of
our packet filters.

-- 
Andre