per-interface packet filters

Andre Oppermann andre at freebsd.org
Mon Dec 13 13:20:01 PST 2004


Julian Elischer wrote:
> 
> Gleb Smirnoff wrote:
> 
> >  Dear networkers,
> >
> >  I finally managed to pronounce my idea, although I'm afraid
> > of a bikeshed it is going to be buried under.
... 
> I'm not saying we shouldn't do what you are saying but that it is
> already possible to do very similar things.

I'm not against this as such.  However it's more of a presentation and
user interface issue than a kernel issue.  I'm certainly against hacking
the kernel to make this possible and it's not needed in this case.

With the different firewall packages different solutions with different
representations for this problem exist.  Maybe the only thing needed is
a different ipfw(8) userland application with a syntax more suitable to
what Gleb wants to present to the user.  In the background it would issue
the normal ipfw micro-ops which are entirely sufficient in functionality.
Like writing "hello world" in different programming languages, the machine
code is pretty much the same.

-- 
Andre


More information about the freebsd-net mailing list