Date: Mon, 8 Mar 2004 20:28:11 -0800 (PST)
From: darrenr@FreeBSD.ORG (Darren Reed)
To: Tim Robbins <tjr@freebsd.org>
Cc: src-committers@FreeBSD.org
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c
Message-ID: <20040309042811.97EF816A4CF@hub.freebsd.org>
In-Reply-To: <20040226080517.GA29763@cat.robbins.dropbear.id.au>

In some mail I received from Tim Robbins, sie wrote
>
> You forgot about ip6fw. I agree that having 4 firewalls in the base system
> is somewhat excessive, but not importing pf is not a solution to the
> problem of having too many firewalls. What I'd like to see is ipfw,
> ipfilter and ip6fw implemented in terms of the pf kernel code, then
> eventually phased out after a few releases. With the exception of dummynet,
> this should be fairly straightforward.

What you're assuming is that this is possible. If you were familiar with
the code for all three, you'd know it isn't.

I have, however, tried to architect IPfilter in such a way that it could
use the rule syntax for ipfw2 at some point in the future IF the ipfw2
microcode guff is properly organised (I believe I had a long email thread
with Luigi about this for some modest progress but more is really needed
to use it.)

Then there's the question of Checkpoint's patent...

Darren
