From owner-freebsd-commit  Mon Feb 26 12:18:19 1996
Return-Path: owner-commit
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id MAA12932
          for freebsd-commit-outgoing; Mon, 26 Feb 1996 12:18:19 -0800 (PST)
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id MAA12919
          for cvs-all-outgoing; Mon, 26 Feb 1996 12:18:06 -0800 (PST)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA12891
          Mon, 26 Feb 1996 12:17:52 -0800 (PST)
Received: by gvr.win.tue.nl (8.6.10/1.53)
    id VAA05723; Mon, 26 Feb 1996 21:17:48 +0100
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199602262017.VAA05723@gvr.win.tue.nl>
Subject: Re: cvs commit:  src/sys/conf files src/sys/i386/conf LINT src/sys/netinet ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c
To: phk@freefall.freebsd.org (Poul-Henning Kamp)
Date: Mon, 26 Feb 1996 21:17:48 +0100 (MET)
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org,
        cvs-sys@freefall.freebsd.org
In-Reply-To: <199602231548.HAA16489@freefall.freebsd.org> from "Poul-Henning Kamp" at Feb 23, 96 07:48:02 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-commit@FreeBSD.ORG
Precedence: bulk

Poul-Henning Kamp wrote:
> 
> phk         96/02/23 07:48:01
> 
>   Modified:    sys/conf  files
>                sys/i386/conf  LINT
>                sys/netinet  ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c
>   Log:
>   Big sweep over the IPFIREWALL and IPACCT code.
>   
>   Close the ip-fragment hole.
>   Waste less memory.
>   Rewrite to contemporary more readable style.
>   Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
>   Filter incoming >and< outgoing packets.
>   Replace "policy" by sticky "deny all" rule.
>   Rules have numbers used for ordering and deletion.
>   Remove "rerorder" code entirely.
>   Count packet & bytecount matches for rules.

I used to use ipfw a lot. Some 6 months ago I changed to Darren Reed's
ipfilter because:
1) it runs on more platforms
2) it is more actively developped
3) it has more functionality.
Please take a look at:
	http://coombs.anu.edu.au/~avalon

I think we should consider putting it in our base tree too.
What do you guys think?

-Guido