Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Dec 2004 22:19:58 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        Julian Elischer <julian@elischer.org>
Cc:        net@freebsd.org
Subject:   Re: per-interface packet filters
Message-ID:  <41BE077E.5CD2B517@freebsd.org>
References:  <20041213124051.GB32719@cell.sick.ru> <41BDDB4D.2050201@elischer.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote:
> 
> Gleb Smirnoff wrote:
> 
> >  Dear networkers,
> >
> >  I finally managed to pronounce my idea, although I'm afraid
> > of a bikeshed it is going to be burried under.
... 
> I'm not sayig we should n't do what you are saying but that it is
> already possible to do very similar things.

I'm not against this as such.  However it's more of a presentaion and
user interface issue than a kernel issue.  I'm certanly against hacking
the kernel to make this possible and it's not needed in this case.

With the different firewall packages different solutions with different
representations for this problem exists.  Maybe the only thing neede is
a different ipfw(8) userland application with a syntax more suitable to
what Gleb wants to present to the user.  In the background it would issue
the normal ipfw micro-ops which are entirely sufficient in functionality.
Like writing "hello world" in different programming languages, the machine
code is pretty much the same.

-- 
Andre



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41BE077E.5CD2B517>