Date: Sat, 17 Aug 1996 15:20:20 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: hackers@freebsd.org
Subject: ipfw/ipfilter - what will it be?
Message-ID: <199608170520.WAA17184@freefall.freebsd.org>

Well, the discussion went a long way and ended up in a "when I was a lad...".

For those wondering, IP filter is my pet project and although I try to keep up with what other similar products do, just because someone else implements a feature in a certain way does not mean I'll match it.

I don't believe that adding "line numbers" is a "forward step" for such a product. The reference to BASIC was to show where that style of thinking has gone to today: tools such as Visual BASIC no longer have line numbers, C doesn't, etc. If a "tag" is desired such that it represents a grouping of related objects (such as used by Cisco's IOS for ACLs or as people have done with in ipfw & taken it further), then they should be just that - arbitrary tags. In the context of IP filter, I don't see what that does for the performance or usefulness of a packet filter which resides in the kernel. IMHO, those are the sort of things you want in your rule file, which you edit and then load into the kernel, and comments fill that role quite well, I believe.

For DIVERT, at present this remains a FreeBSD-only feature, at present, but sounds a lot like something I was thinking of some time ago. However, if the purpose is for NAT and how it can be implemented in userland, c.f. screend vs ipfw (need I say more?). Reading Linux's IP source code, you can see some of the flunky things they've done (reassembling all packets going through the box on a routing box, assuming all TCP/IP packets are destined for the host - regardless of IP#). Flunky features are easy to add if that becomes the priority.

In summary, I'm not about to add things just so the FreeBSD team will add it to their release, which may or may not be the same as I distribute.

Darren