Date: Mon, 24 Jan 2000 19:06:41 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: "Matthew N. Dodd" <winter@jurai.net>
Cc: current@FreeBSD.ORG
Subject: Re: sys/net/bridge.c IPFIREWALL & DUMMYNET? WTF?
Message-ID: <20000124190641.R26520@fw.wintelcom.net>
In-Reply-To: <Pine.BSF.4.21.0001242034470.462-100000@sasami.jurai.net>; from winter@jurai.net on Mon, Jan 24, 2000 at 08:47:02PM -0500
References: <Pine.BSF.4.21.0001242034470.462-100000@sasami.jurai.net>

* Matthew N. Dodd <winter@jurai.net> [000124 18:11] wrote:
> Any reason that the IPFIREWALL and DUMMYNET code is present in
> sys/net/bridge.c? It appears that it makes a number of bad assumptions
> and in general violates the semantics of 'bridging' vs. 'routing'.
>
> Should we even encourage people to use this functionality? Do we really
> want bridge.c to have its own private IP stack?
>
> Should this code be diked out before 4.0 so we don't expose the masses to
> it?

I'm not sure what you're proposing, if it's removing BRIDGE support from
the kernel, I'd have to object.

BRIDGE enables me to run a transparent firewall without worrying about
routing issues, just drop a machine with BRIDGE and IPFIREWALL in
between two points and everything is ok.

However enable a DIVERT socket, and it all goes to hell last I checked.

Anyhow, can you clarify?

-Alfred