From owner-freebsd-ipfw@freebsd.org  Fri Jan  8 22:57:53 2016
Subject: Re: layer2 ipfw fwd
To: freebsd-ipfw@freebsd.org
References: <CAGtf9xOzJ+cL-W=HP5cd2nyabY=03AgTyFLvDuQWN-xB6KqjCg@mail.gmail.com>
 <567795F1.5080605@freebsd.org>
 <CAC+JH2xXVpnDfa5KUQGZ39uoqSiS5oB72ak6bAeaPqXgyCmd3Q@mail.gmail.com>
 <56780F5A.5060209@freebsd.org>
 <1450885787.1918354.474995842.261BD65D@webmail.messagingengine.com>
 <567D7EA9.6050201@freebsd.org>
From: Karim Fodil-Lemelin <fodillemlinkarim@gmail.com>
Message-ID: <56903EEA.3030905@gmail.com>
Date: Fri, 8 Jan 2016 17:57:46 -0500
In-Reply-To: <567D7EA9.6050201@freebsd.org>

On 2015-12-25 12:36 PM, Julian Elischer wrote:
> On 23/12/2015 11:49 PM, Mark Felder wrote:
>>
>> On Mon, Dec 21, 2015, at 08:40, Julian Elischer wrote:
>>> This is EXACTLY what the cisco/ironport web filter appliance does...
>>>
>> If we had this in FreeBSD nobody would have to reinvent the wheel to
>> build a similar appliance, right? And it might allow someone to build a
>> competing open source FreeBSD-based web filter appliance with this same
>> feature set...
> nah...there is SO MUCH MORE to what the ironport does.
Yes and that is why FWD action isn't part of the bridge if I recall the 
old discussions.

Where I work, we also have a L2 transparent proxy (we wrote it way back 
on FBSD 4.5 based on Luigi's old bridge code) but it is very specific 
for one particular application.

Trying to support a generic L2 FWD action that does any next hop 
forwarding as a general solution (which is what you'd need to do for 
FBSD) would require a lot of code most users wouldn't want to see the 
bridge burdened with.

Well that is what we've seen throughout the years.

K.