Luigi Rizzo wrote:
> > Instead I will have to revert back from IPFILTER to IPFW (FreeBSD)
> > so that I can use DUMMYNET instead of ALTQ.
> > This leaves me with having to add a TOS-based filtering into
> > IPFW. Cross my fingers and it will work :-/
>
> i still fail to see why you hate so much this solution
> as it seems to do what you need (actually i'd probably use the WFQ
> feature of dummynet, and let the application set the TOS bits...)
because the only filtering package that will ever have a
chance to be consolidated with KAME's SPD rules and ALTQ's
classifier will be IPFILTER; because IPFILTER is available
accross all *BSDs; because IPFILTER is (arguably) more
secure (though less powerful in its NAT rules.)
I am really tempted to go back to IPFW, but I value future
rejoining with KAME and a flexibility in choice of underlying
*BSDs more than the convenience of IPFW. May be it's a mistake.
If it is, the world (not just myself) should move towards
IPFW on all BSDs. Luigi, if you hack IPFW into all *BSDs and
if you submit the code to the CVS control of the KAME folks,
may be IPFW could become the point of consolidation of the SPD
and ALTQ classifier rules. I would cheer that effort!
regards,
-Gunther
--
Gunther Schadow, M.D., Ph.D. [EMAIL PROTECTED]
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistent Professor Indiana University School of Medicine
tel:1(317)630-7960 http://aurora.regenstrief.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
