Date: Mon, 3 Dec 2001 22:06:35 +0100 From: Sebastien Petit <spe@bsdfr.org> To: Luigi Rizzo <rizzo@aciri.org> Cc: net@FreeBSD.ORG Subject: Re: Ethernet Firewall for FreeBSD-4.4 Message-ID: <20011203211222.DA4386ACF@vega.bsdshell.net>
next in thread | raw e-mail | index | archive | help
On Monday 03 December 2001 21:28, Luigi Rizzo wrote: > Sebastien, > this is a personal point of view, and I know that people think > differently, but I believe it would be a lot more interesting if > you would design ethfw as an add-on for ipfw as opposed to a separate > thing. Not only it would remove some replication from the code (all > [sg]etsockopt, basically), but would also make its adoption easier > to people who already use ipfw. In fact, a very preliminary > incarnation of ethernet matching was already in ipfw some time ago. > > I am a strong supporter of a unified interface for > firewall functions. Luigi, I'm not opposed to a merge on the ipfw code. A lot of people reports me the need to do low level filtering like ethernet filtering with mask and protocols (ARP, RARP, IPv6, IPv4 etc...), so I was starting to implement that into if_ethersubr. I don't implement it directly on ipfw because a lot of people can confuse with the name (Internet Protocol Firewall) of ipfw. The second reason is that ethernet filtering needs to move ipfw code from ip_input ip_output to if_ethersubr isn't it ?. But If you can help me to merge ethfw on ipfw, I'm totally for that, it's a great idea. Regards, Sebastien. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011203211222.DA4386ACF>