cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c

Darren Reed darrenr at FreeBSD.ORG
Mon Mar 8 20:28:11 PST 2004


In some mail I received from Tim Robbins, sie wrote
> 
> You forgot about ip6fw. I agree that having 4 firewalls in the base system
> is somewhat excessive, but not importing pf is not a solution to the
> problem of having too many firewalls. What I'd like to see is ipfw,
> ipfilter and ip6fw implemented in terms of the pf kernel code, then
> eventually phased out after a few releases. With the exception of dummynet,
> this should be fairly straightforward.

What you're assuming is that this is possible.

If you were familiar with the code for all three, you'd know it isn't.

I have, however, tried to architect IPfilter in such a way that it
could use the rule syntax for ipfw2 at some point in the future IF
the ipfw2 microcode guff is properly organised (I believe I had a
long email thread with Luigi about this for some modest progress but
more is really needed to use it.)  Then there's the question of
Checkpoint's patent...

Darren

