Date: Mon, 13 Dec 2004 22:19:58 +0100 From: Andre Oppermann <andre@freebsd.org> To: Julian Elischer <julian@elischer.org> Cc: net@freebsd.org Subject: Re: per-interface packet filters Message-ID: <41BE077E.5CD2B517@freebsd.org> References: <20041213124051.GB32719@cell.sick.ru> <41BDDB4D.2050201@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote: > > Gleb Smirnoff wrote: > > > Dear networkers, > > > > I finally managed to pronounce my idea, although I'm afraid > > of a bikeshed it is going to be burried under. ... > I'm not sayig we should n't do what you are saying but that it is > already possible to do very similar things. I'm not against this as such. However it's more of a presentaion and user interface issue than a kernel issue. I'm certanly against hacking the kernel to make this possible and it's not needed in this case. With the different firewall packages different solutions with different representations for this problem exists. Maybe the only thing neede is a different ipfw(8) userland application with a syntax more suitable to what Gleb wants to present to the user. In the background it would issue the normal ipfw micro-ops which are entirely sufficient in functionality. Like writing "hello world" in different programming languages, the machine code is pretty much the same. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41BE077E.5CD2B517>