From owner-freebsd-ipfw Wed Nov 24 13:53:20 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from nameserver.austclear.com.au (nameserver.austclear.com.au [192.83.119.132]) by hub.freebsd.org (Postfix) with ESMTP id 5279B152EE; Wed, 24 Nov 1999 13:53:15 -0800 (PST) (envelope-from ahl@austclear.com.au) Received: from tungsten.austclear.com.au (tungsten.austclear.com.au [192.168.70.1]) by nameserver.austclear.com.au (8.9.3/8.9.3) with ESMTP id IAA69742; Thu, 25 Nov 1999 08:50:35 +1100 (EST) Received: from tungsten (tungsten [192.168.70.1]) by tungsten.austclear.com.au (8.9.3/8.9.3) with ESMTP id IAA26077; Thu, 25 Nov 1999 08:52:28 +1100 (EST) Message-Id: <199911242152.IAA26077@tungsten.austclear.com.au> X-Mailer: exmh version 2.0.1 12/23/97 To: ipfw@FreeBSD.ORG, arch@FreeBSD.ORG Subject: Re: new IPFW In-Reply-To: Your message of "Wed, 24 Nov 1999 02:26:29 -0800." <199911241026.CAA45230@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 25 Nov 1999 08:52:28 +1100 From: Tony Landells Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [ using BPF for ipfw ] One concern I would have with that is that there are a lot of tools built on BPF that I would prefer to not be able to run on the firewall. Well, to be more accurate, I'd love to be able to run them on the firewall, but I don't want attackers to have access to them, and the safest option is to not even have support in the kernel for them (I can always plug in a separate sniffer if I really need it). Cheers, Tony To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message