From owner-cvs-src@FreeBSD.ORG Thu Feb 26 02:59:04 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE07416A4CE; Thu, 26 Feb 2004 02:59:04 -0800 (PST) Received: from smtp02.syd.iprimus.net.au (smtp02.syd.iprimus.net.au [210.50.76.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 318E343D1D; Thu, 26 Feb 2004 02:59:04 -0800 (PST) (envelope-from tim@robbins.dropbear.id.au) Received: from robbins.dropbear.id.au (210.50.250.48) by smtp02.syd.iprimus.net.au (7.0.024) id 402CF870003874B5; Thu, 26 Feb 2004 21:59:02 +1100 Received: by robbins.dropbear.id.au (Postfix, from userid 1000) id 97126415D; Thu, 26 Feb 2004 21:56:40 +1100 (EST) Date: Thu, 26 Feb 2004 21:56:40 +1100 From: Tim Robbins To: Luigi Rizzo Message-ID: <20040226105640.GA30144@cat.robbins.dropbear.id.au> References: <200402260234.i1Q2YDx1014240@repoman.freebsd.org> <20040226060126.GA70201@troutmask.apl.washington.edu> <20040226080517.GA29763@cat.robbins.dropbear.id.au> <20040226015016.B23674@xorpc.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040226015016.B23674@xorpc.icir.org> User-Agent: Mutt/1.4.1i cc: cvs-src@FreeBSD.org cc: Max Laier cc: cvs-all@FreeBSD.org cc: Steve Kargl cc: src-committers@FreeBSD.org Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 10:59:05 -0000 On Thu, Feb 26, 2004 at 01:50:16AM -0800, Luigi Rizzo wrote: > for what matters, i have posted to -net patches some time ago to extend > ipfw2 to deal with ipv6 packets (thus effectively replacing ipfw6). > No feedback in 6 weeks, to me this looks like lack of interest. > > > problem of having too many firewalls. What I'd like to see is ipfw, > > ipfilter and ip6fw implemented in terms of the pf kernel code, then > > what is the motivation for that ? Features ? Personal taste and features. But now that I think about it, I don't mind terribly much whether the kernel is ipfw2 or pf, so long as I get my features and syntactic sugar, and ideally there be only one firewall interface to the kernel. I don't want to start a bikeshed on which is better, and I don't mean to belittle your work on ipfw2 (or Darren's work on IPFilter). Tim