From owner-freebsd-net  Mon May  1 13: 2:52 2000
Delivered-To: freebsd-net@freebsd.org
Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184])
	by hub.freebsd.org (Postfix) with ESMTP id 9FA4737B9C6
	for <freebsd-net@FreeBSD.ORG>; Mon,  1 May 2000 13:02:39 -0700 (PDT)
	(envelope-from luigi@info.iet.unipi.it)
Received: (from luigi@localhost)
	by info.iet.unipi.it (8.9.3/8.9.3) id WAA46626;
	Mon, 1 May 2000 22:03:07 +0200 (CEST)
	(envelope-from luigi)
From: Luigi Rizzo <luigi@info.iet.unipi.it>
Message-Id: <200005012003.WAA46626@info.iet.unipi.it>
Subject: Re: ether matching in ipfw??
In-Reply-To: <200005011926.MAA93100@bubba.whistle.com> from Archie Cobbs at "May
 1, 2000 12:26:00 pm"
To: Archie Cobbs <archie@whistle.com>
Date: Mon, 1 May 2000 22:03:07 +0200 (CEST)
Cc: freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> In trying to clean up this bridging stuff, I just realized that
> ip_fw_chk() contains code for matching Ethernet headers and
> non IP packets!
> 
> This hack is just too gross and I plan to rip it out.
> Call me Danish if you like.

yes it was a gross, and, especially, unfinished hack, and you are
welcome to rip it out. I should have done it myself long ago.

HOWEVER: for the future re-inclusion I would be a strong advocate
of a unified firewall interface rather than separate things
(etherfw, ipfw). The reason is because at times one might want
to interleave rules matching ethernet headers, ip headers, tcp
headers, and having separate filters does not support this.

> Does the "ip" in "ipfw" not mean anything to anyone??

for what matters we are already matching TCP flags which are
one layer above IP...

	cheers
	luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
  Mobile   +39-347-0373137
-----------------------------------+-------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message