Re: Fwd: GSOC Network Configuration Libraries

From: Peter 'PMc' Much <pmc_at_citylink.dinoex.sub.org>
Date: Wed, 06 Mar 2024 16:48:05 UTC

Hi,

  I had noticed that project suggestion by Allan Jude. This is an
interesting matter, as, in fact, ipfw lacks some kind of higher level
interface to configure it.

  I was confronted with this lack of tooling a few years ago when I
moved my jails to VIMAGE, and I noticed that combining NAT
functionality with stateful rule behaviour (and possibly other features
like packet forwarding) brings along a couple of gotchas - it is not
really trivial; and also, many of the examples circling on the net were
(are?) kinda sub-optimal.

  Finally I decided to just write the necessary code. However, I chose
the approach that appeared most feasible to me (for my needs,
obviously) which happened to be not a library, but a freestanding
web-application. Also I decided to do a full solution that can handle
any number of interconnected interfaces and networks, and insert any
number of filters into any flow (where filters could be NAT, suricata,
NPTv6, or whatever); so this is not (only) for a laptop.

  Then, I asked around if anybody would be interested in the matter,
and found low interest in ipfw in general, and no interest at all in
GUI tools (GUI is apparently un-Berkeley). Consequentially I didn't
bother to write documentation, or think about a license to publish
the material (because why should I throw stuff after people who aren't
interested?)

  Anyway, you might be interested in issues like this PR 269770, and
there are also a few kernel patches I needed, but these are mostly for
IPv6 tunneling and hot reloading.

cheerio,
PMc