From owner-freebsd-current  Mon Jan 24 22:44:27 2000
Delivered-To: freebsd-current@freebsd.org
Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184])
	by hub.freebsd.org (Postfix) with ESMTP id 7073614D06
	for <current@FreeBSD.ORG>; Mon, 24 Jan 2000 22:44:22 -0800 (PST)
	(envelope-from luigi@info.iet.unipi.it)
Received: (from luigi@localhost)
	by info.iet.unipi.it (8.9.3/8.9.3) id HAA06859;
	Tue, 25 Jan 2000 07:44:51 +0100 (CET)
	(envelope-from luigi)
From: Luigi Rizzo <luigi@info.iet.unipi.it>
Message-Id: <200001250644.HAA06859@info.iet.unipi.it>
Subject: Re: sys/net/bridge.c IPFIREWALL & DUMMYNET?  WTF?
In-Reply-To: <Pine.BSF.4.21.0001242034470.462-100000@sasami.jurai.net> from "Matthew
 N. Dodd" at "Jan 24, 2000 08:47:02 pm"
To: "Matthew N. Dodd" <winter@jurai.net>
Date: Tue, 25 Jan 2000 07:44:51 +0100 (CET)
Cc: current@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

> Any reason that the IPFIREWALL and DUMMYNET code is present in
> sys/net/bridge.c?  It appears that it makes a number of bad assumptions
> and in general violates the semantics of 'bridging' vs. 'routing'.

the reason is that I needed that functionality, and according to
my experience most people who use bridging on FreeBSD do it just
because they can build a transparent firewall/traffic shaper.
They tell me there are very few if any solutions like this on the
market. So i don't think it is a good idea to remove this
feature which is a very strong selling point.

As for the quality of the code, (and i hope you refer to
the version just committed to -current/-stable) i myself i am
not terribly happy with it, but perhaps if you point out
what are the bad assumptions i make it would help me fix
the code.

	cheers
	luigi

> Should we even encourage people to use this functionality?  Do we really
> want bridge.c to have its own private IP stack?
> 
> Should this code be diked out before 4.0 so we don't expose the masses to
> it?
> 
> -- 
> | Matthew N. Dodd  | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD  |
> | winter@jurai.net |       2 x '84 Volvo 245DL        | ix86,sparc,pmax |
> | http://www.jurai.net/~winter | This Space For Rent  | ISO8802.5 4ever |
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message