Date: Sat, 19 Jun 1999 15:58:30 +0100 (BST) From: Doug Rabson <dfr@nlsystems.com> To: Dag-Erling Smorgrav <des@flood.ping.uio.no> Cc: "Brian F. Feldman" <green@unixhelp.org>, Ruslan Ermilov <ru@ucb.crimea.ua>, ugen@xonix.com, hackers@FreeBSD.org, luigi@FreeBSD.org Subject: Re: Introduction Message-ID: <Pine.BSF.4.05.9906191558140.80685-100000@herring.nlsystems.com> In-Reply-To: <xzpvhck8cq8.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 Jun 1999, Dag-Erling Smorgrav wrote: > "Brian F. Feldman" <green@unixhelp.org> writes: > > It might be worth (discussion of) making ipfilter the firewall of > > choice for 4.0. There would of course be rule conversion > > scripts/programs (ipfw->ipf(5)), and ipfilter would be converted to > > a KLD, cruft removed (I'm going to work on these), and ipfilter KLD > > support (currently options IPFILTER_LKM) made a non-option. It seems > > that our pretty proprietary ipfw is no longer a good idea. > > If ipfilter can to everything ipfw can (judging from ipf(5), it can) > and you even manage to keep an ipfw(8) command around so those who > want kan keep using the old syntax still can, then I for one have no > objections. > > Rewriting ipfw rules to ipfilter rules on the fly should be trivial; a > simple Perl script should be sufficient. Does ipfilter support divert sockets? -- Doug Rabson Mail: dfr@nlsystems.com Nonlinear Systems Ltd. Phone: +44 181 442 9037 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9906191558140.80685-100000>