From: darrenr@FreeBSD.ORG (Darren Reed)
To: Tim Robbins
cc: cvs-src@FreeBSD.org
cc: Max Laier
cc: cvs-all@FreeBSD.org
cc: Steve Kargl
cc: src-committers@FreeBSD.org
Date: Mon, 8 Mar 2004 20:28:11 -0800 (PST)
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c
In-Reply-To: <20040226080517.GA29763@cat.robbins.dropbear.id.au>
Message-Id: <20040309042811.97EF816A4CF@hub.freebsd.org>

In some mail I received from Tim Robbins, sie wrote
>
> You forgot about ip6fw. I agree that having 4 firewalls in the base system
> is somewhat excessive, but not importing pf is not a solution to the
> problem of having too many firewalls. What I'd like to see is ipfw,
> ipfilter and ip6fw implemented in terms of the pf kernel code, then
> eventually phased out after a few releases. With the exception of dummynet,
> this should be fairly straightforward.

What you're assuming is that this is possible. If you were familiar with
the code for all three, you'd know it isn't.

I have, however, tried to architect IPfilter in such a way that it could
use the rule syntax for ipfw2 at some point in the future IF the ipfw2
microcode guff is properly organised (I believe I had a long email thread
with Luigi about this for some modest progress but more is really needed
to use it.)

Then there's the question of Checkpoint's patent...

Darren