Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Jun 1999 22:37:57 -0400 (EDT)
From:      Brian Fundakowski Feldman <green@unixhelp.org>
To:        Darren Reed <darrenr@reed.wattle.id.au>
Cc:        npp@distortion.dk, ru@ucb.crimea.ua, hackers@FreeBSD.ORG
Subject:   Re: firewalling (Was Re: Introduction)
Message-ID:  <Pine.BSF.4.10.9906182232290.85521-100000@janus.syracuse.net>
In-Reply-To: <199906190228.MAA11563@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, 19 Jun 1999, Darren Reed wrote:

> In some email I received from Brian Fundakowski Feldman, sie wrote:
> > How do you feel about (after getting it fixed in -CURRENT) helping with
> > converting ipfw(8) to just a front-end to ipf? I think it's worth discussing
> > whether it's actually worth it to rewrite IPFW or just work on improving
> > ipfilter. (discussion moved to -hackers)
> 
> I imagine they might be fighting words to some ;)  As I see it, if you
> added hooks for divert to ipfilter in FreeBSD and maybe added the rule
> number bits (I *know* there are going to be people who'd just die without
> it) then I can't see why you'd need ipfw.  I imagine that would be a hell
> of a lot less work than bringing the features of ipfilter into ipfw.
> 
> It'd also be one of those steps forward in compatibility between the various
> BSDs...

  Yes, and I know it might take some work. I'd like to have something good be
the default in FreeBSD, and I feel that maybe if ipfilter can be brought
to the foreground well and made backward compatible (i.e. ipfw(8) to translate
(perl? /bin/sh? idunno)), it will be a winning thing. I'd of course like to
add UID/GID support to ipfilter like I did to IPFW (but didn't commit).
  IPFW is nearing the end of its maintainable life. It needs a pretty large
rewrite or full replacement pretty soon. If we can get ipfilter in src/contrib
kept up-to-date and working, supplying a replacement for ipfw(8) as a front-end,
I don't see why ipfilter can't be the "FreeBSD firewall."


> 
> Darren
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 

 Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
 green@FreeBSD.org                   _ __ ___ | _ ) __|   \ 
     FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
       http://www.FreeBSD.org/              _ |___/___/___/ 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9906182232290.85521-100000>