From owner-freebsd-current Mon Jan 24 18:42:37 2000
Delivered-To: freebsd-current@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id 00FB114D2B
	for ; Mon, 24 Jan 2000 18:42:36 -0800 (PST)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.9.3/8.9.3) id TAA16882;
	Mon, 24 Jan 2000 19:06:41 -0800 (PST)
Date: Mon, 24 Jan 2000 19:06:41 -0800
From: Alfred Perlstein
To: "Matthew N. Dodd"
Cc: current@FreeBSD.ORG
Subject: Re: sys/net/bridge.c IPFIREWALL & DUMMYNET? WTF?
Message-ID: <20000124190641.R26520@fw.wintelcom.net>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from winter@jurai.net on Mon, Jan 24, 2000 at 08:47:02PM -0500
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Matthew N. Dodd [000124 18:11] wrote:
> Any reason that the IPFIREWALL and DUMMYNET code is present in
> sys/net/bridge.c? It appears that it makes a number of bad assumptions
> and in general violates the semantics of 'bridging' vs. 'routing'.
>
> Should we even encourage people to use this functionality? Do we really
> want bridge.c to have its own private IP stack?
>
> Should this code be diked out before 4.0 so we don't expose the masses to
> it?

I'm not sure what you're proposing; if it's removing BRIDGE support from
the kernel, I'd have to object.

BRIDGE enables me to run a transparent firewall without worrying about
routing issues; just drop a machine with BRIDGE and IPFIREWALL in between
two points and everything is ok.

However, enable a DIVERT socket, and it all goes to hell last I checked.

Anyhow, can you clarify?

-Alfred