From owner-freebsd-hackers Sat Jun 19 7:57:41 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from herring.nlsystems.com (nlsys.demon.co.uk [158.152.125.33]) by hub.freebsd.org (Postfix) with ESMTP id 851FF14BDD; Sat, 19 Jun 1999 07:57:36 -0700 (PDT) (envelope-from dfr@nlsystems.com) Received: from localhost (dfr@localhost) by herring.nlsystems.com (8.9.3/8.8.8) with ESMTP id PAA81256; Sat, 19 Jun 1999 15:58:30 +0100 (BST) (envelope-from dfr@nlsystems.com) Date: Sat, 19 Jun 1999 15:58:30 +0100 (BST) From: Doug Rabson To: Dag-Erling Smorgrav Cc: "Brian F. Feldman" , Ruslan Ermilov , ugen@xonix.com, hackers@FreeBSD.org, luigi@FreeBSD.org Subject: Re: Introduction In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 19 Jun 1999, Dag-Erling Smorgrav wrote: > "Brian F. Feldman" writes: > > It might be worth (discussion of) making ipfilter the firewall of > > choice for 4.0. There would of course be rule conversion > > scripts/programs (ipfw->ipf(5)), and ipfilter would be converted to > > a KLD, cruft removed (I'm going to work on these), and ipfilter KLD > > support (currently options IPFILTER_LKM) made a non-option. It seems > > that our pretty proprietary ipfw is no longer a good idea. > > If ipfilter can to everything ipfw can (judging from ipf(5), it can) > and you even manage to keep an ipfw(8) command around so those who > want kan keep using the old syntax still can, then I for one have no > objections. > > Rewriting ipfw rules to ipfilter rules on the fly should be trivial; a > simple Perl script should be sufficient. Does ipfilter support divert sockets? -- Doug Rabson Mail: dfr@nlsystems.com Nonlinear Systems Ltd. Phone: +44 181 442 9037 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message