From: Karim Fodil-Lemelin <fodillemlinkarim@gmail.com>
Date: Fri, 8 Jan 2016 17:57:46 -0500
Subject: Re: layer2 ipfw fwd
To: freebsd-ipfw@freebsd.org

On 2015-12-25 12:36 PM, Julian Elischer wrote:
> On 23/12/2015 11:49 PM, Mark Felder wrote:
>>
>> On Mon, Dec 21, 2015, at 08:40, Julian Elischer wrote:
>>> This is EXACTLY what the cisco/ironport web filter appliance does...
>>>
>> If we had this in FreeBSD nobody would have to reinvent the wheel to
>> build a similar appliance, right? And it might allow someone to build a
>> competing open source FreeBSD-based web filter appliance with this same
>> feature set...
> nah...there is SO MUCH MORE to what the ironport does.

Yes, and that is why the FWD action isn't part of the bridge, if I recall the old discussions.

Where I work, we also have an L2 transparent proxy (we wrote it way back on FBSD 4.5 based on Luigi's old bridge code) but it is very specific for one particular application. Trying to support a generic L2 FWD action that does any next hop forwarding as a general solution (which is what you'd need to do for FBSD) would require a lot of code most users wouldn't want to see the bridge burdened with. Well, that is what we've seen throughout the years.

K.