From owner-freebsd-hackers Wed Aug 14 10:40:02 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA16540 for hackers-outgoing; Wed, 14 Aug 1996 10:40:02 -0700 (PDT) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA16498 for ; Wed, 14 Aug 1996 10:39:59 -0700 (PDT) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id KAA14023; Wed, 14 Aug 1996 10:38:44 -0700 (PDT) Received: from current1.whistle.com(207.76.205.22) by whistle.com via smap (V1.3) id sma014021; Wed Aug 14 10:38:16 1996 Message-ID: <32120ED8.237C228A@whistle.com> Date: Wed, 14 Aug 1996 10:37:28 -0700 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0b4 (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: "Jordan K. Hubbard" CC: "archie Ugen J.S.Antsilevich" , hackers@freebsd.org Subject: Re: ipfw vs ipfilter References: <14773.840033327@time.cdrom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Jordan K. Hubbard wrote: > > > Heh:) > > Well..intresting enough it always works this way - first ppl take it, then > > they screw it and then they say it's bad and take something else. > > Thanx guys... > > With all due respect, Ugen, the code was a filthy mess when you gave > it to us and was in absolutely no shape to continue using in that way. > It was bad to start with and nobody needed to "screw" anything. If > anything it's been substantially improved over the last 6 months or > so, but dressing a pig in tuxedo still doesn't change him from being a > pig. Ungen, I think that Jordan is overstating things whenn he says it is a pig.. When it came out, it was a great step forward. The main point is that Darren is very actively maintaining and improving his code. He admits that he looked at your code amongst others to ensure that his code has all the functionality needed. I have written several modules for 386BSD/FreeBSD/NetBSD that were originally hailed , then eventually replaced.. That's nature Notice that We have quite an investment in the IPFW package, as we are using it together with the divert additions as the basis for soem quite important features of a product. We do appreciate it.. as to ipfilter, It is possible that darren's active partitcipation in the ongoing improvement of this package makes it a good replacement for ipfw. if this is true, (which is unproven at this time) then there is nothing that should be taken personally about it.. You have to admit that you haven't had the time to spend on continuously turning out new versions of ipfw. most of the new features have come from other people.. I personally don't mind ipfw but ipfilter does have the advantage of giving a common interface to this functionality on NetBSd, Sunos and FreeBSD. Believe me that we would have been very happy to HAVE ipfw. but you can' take away from teh hard work that Darren has been doing to make his product better and better. It shows in the product.. IPFW works but is largely un-cared-for.. ipfilter shows the touches of a loving parent.. If we go to ipfilter, I will need ipfw to still be present until (if ever) ipfilter can do teh same divert socket work that we put into ipfw. I'm not looking forward to the work, but..... Ungen.. don't take it so personally.. those of us out here REALLY APPRECIATE the ifw code and teh work you did to give it to us.. but you in turn must appresciate teh work that daren is doing.. julian