From owner-freebsd-net  Mon Dec  3 13: 6:14 2001
Delivered-To: freebsd-net@freebsd.org
Received: from vega.bsdshell.net (APlessis-Bouchard-103-1-4-88.abo.wanadoo.fr [80.13.186.88])
	by hub.freebsd.org (Postfix) with ESMTP id E11F737B416
	for <net@FreeBSD.ORG>; Mon,  3 Dec 2001 13:06:08 -0800 (PST)
Received: from there (win.bsdshell.net [172.16.1.2])
	by vega.bsdshell.net (Postfix) with SMTP
	id DA4386ACF; Mon,  3 Dec 2001 22:12:22 +0100 (CET)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Sebastien Petit <spe@bsdfr.org>
Organization: BSDshell
To: Luigi Rizzo <rizzo@aciri.org>
Subject: Re: Ethernet Firewall for FreeBSD-4.4
Date: Mon, 3 Dec 2001 22:06:35 +0100
X-Mailer: KMail [version 1.3.1]
Cc: net@FreeBSD.ORG
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20011203211222.DA4386ACF@vega.bsdshell.net>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Monday 03 December 2001 21:28, Luigi Rizzo wrote:
> Sebastien,
> this is a personal point of view, and I know that people think
> differently, but I believe it would be a lot more interesting if
> you would design ethfw as an add-on for ipfw as opposed to a separate
> thing. Not only it would remove some replication from the code (all
> [sg]etsockopt, basically), but would also make its adoption easier
> to people who already use ipfw.  In fact, a very preliminary
> incarnation of ethernet matching was already in ipfw some time ago.
>
> I am a strong supporter of a unified interface for
> firewall functions.

Luigi, 

I'm not opposed to a merge on the ipfw code. A lot of people reports me the 
need to do low level filtering like ethernet filtering with mask and 
protocols (ARP, RARP, IPv6, IPv4 etc...), so I was starting to implement that 
into if_ethersubr. I don't implement it directly on ipfw because a lot of 
people can confuse with the name (Internet Protocol Firewall) of ipfw. The 
second reason is that ethernet filtering needs to move ipfw code from 
ip_input ip_output to if_ethersubr isn't it ?.
But If you can help me to merge ethfw on ipfw, I'm totally for that, it's a 
great idea.

Regards,
Sebastien.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message