From owner-freebsd-bugs@FreeBSD.ORG  Tue Sep 30 15:10:20 2003
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DAF5716A4B3
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 30 Sep 2003 15:10:20 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 57ADF43FFD
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 30 Sep 2003 15:10:20 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h8UMAKFY063929
	for <freebsd-bugs@freefall.freebsd.org>;
	Tue, 30 Sep 2003 15:10:20 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h8UMAJkb063928;
	Tue, 30 Sep 2003 15:10:19 -0700 (PDT)
	(envelope-from gnats)
Date: Tue, 30 Sep 2003 15:10:19 -0700 (PDT)
Message-Id: <200309302210.h8UMAJkb063928@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
Subject: Re: kern/57428: a couple of new sysctl to toggle which IP firewall
	(IPFW or IPF) would process packets first
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Sep 2003 22:10:21 -0000

The following reply was made to PR kern/57428; it has been noted by GNATS.

From: Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
To: ale@unixmania.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/57428: a couple of new sysctl to toggle which IP firewall (IPFW or IPF) would process packets first
Date: Wed, 1 Oct 2003 00:07:15 +0200

 > >Description:
 > 	Sometimes in my job as netadmin I found possibility to choose
 > 	which IP firewall, among IPFW(2) and IPFilter, would process packets
 > 	first would be a very useful thing. Think about complex firewall
 > 	rules where a single IP firewall is not enough because of very good
 > 	NAT capabilities of IPF and/or fine bandwidth control of IPFW.
 > 	By default FreeBSD kernel process IPFilter hooks before IPFW ones.
 > 	The attached patch, while style(9)-istically absolutely horrible ;),
 > 	allow toggle such default for both input and output packets.
 > 	Few days of test on a moderately load home server said it seems
 > 	to work as expected, but it defintely need more testing.
 
 Just for audit-trail: this PR is also related with kern/46564.
 
 
 -- 
 Paweł Małachowski