Date: Mon, 26 Feb 1996 21:17:48 +0100 (MET) From: guido@gvr.win.tue.nl (Guido van Rooij) To: phk@freefall.freebsd.org (Poul-Henning Kamp) Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-sys@freefall.freebsd.org Subject: Re: cvs commit: src/sys/conf files src/sys/i386/conf LINT src/sys/netinet ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c Message-ID: <199602262017.VAA05723@gvr.win.tue.nl> In-Reply-To: <199602231548.HAA16489@freefall.freebsd.org> from "Poul-Henning Kamp" at Feb 23, 96 07:48:02 am
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote: > > phk 96/02/23 07:48:01 > > Modified: sys/conf files > sys/i386/conf LINT > sys/netinet ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c > Log: > Big sweep over the IPFIREWALL and IPACCT code. > > Close the ip-fragment hole. > Waste less memory. > Rewrite to contemporary more readable style. > Kill separate IPACCT facility, use "accept" rules in IPFIREWALL. > Filter incoming >and< outgoing packets. > Replace "policy" by sticky "deny all" rule. > Rules have numbers used for ordering and deletion. > Remove "rerorder" code entirely. > Count packet & bytecount matches for rules. I used to use ipfw a lot. Some 6 months ago I changed to Darren Reed's ipfilter because: 1) it runs on more platforms 2) it is more actively developped 3) it has more functionality. Please take a look at: http://coombs.anu.edu.au/~avalon I think we should consider putting it in our base tree too. What do you guys think? -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602262017.VAA05723>