From owner-freebsd-hackers Sat Jun 19 7:52:11 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 810B014BDD; Sat, 19 Jun 1999 07:52:07 -0700 (PDT) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.1) id QAA89155; Sat, 19 Jun 1999 16:52:00 +0200 (CEST) (envelope-from des) To: "Brian F. Feldman" Cc: Doug Rabson , Dag-Erling Smorgrav , Ruslan Ermilov , ugen@xonix.com, hackers@FreeBSD.org, luigi@FreeBSD.org Subject: Re: Introduction References: From: Dag-Erling Smorgrav Date: 19 Jun 1999 16:51:59 +0200 In-Reply-To: "Brian F. Feldman"'s message of "Sat, 19 Jun 1999 10:22:23 -0400 (EDT)" Message-ID: Lines: 19 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG "Brian F. Feldman" writes: > It might be worth (discussion of) making ipfilter the firewall of > choice for 4.0. There would of course be rule conversion > scripts/programs (ipfw->ipf(5)), and ipfilter would be converted to > a KLD, cruft removed (I'm going to work on these), and ipfilter KLD > support (currently options IPFILTER_LKM) made a non-option. It seems > that our pretty proprietary ipfw is no longer a good idea. If ipfilter can to everything ipfw can (judging from ipf(5), it can) and you even manage to keep an ipfw(8) command around so those who want kan keep using the old syntax still can, then I for one have no objections. Rewriting ipfw rules to ipfilter rules on the fly should be trivial; a simple Perl script should be sufficient. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message