On Monday 03 December 2001 21:28, Luigi Rizzo wrote: > Sebastien, > this is a personal point of view, and I know that people think > differently, but I believe it would be a lot more interesting if > you would design ethfw as an add-on for ipfw as opposed to a separate > thing. Not only it would remove some replication from the code (all > [sg]etsockopt, basically), but would also make its adoption easier > to people who already use ipfw. In fact, a very preliminary > incarnation of ethernet matching was already in ipfw some time ago. > > I am a strong supporter of a unified interface for > firewall functions.
Luigi, I'm not opposed to a merge on the ipfw code. A lot of people reports me the need to do low level filtering like ethernet filtering with mask and protocols (ARP, RARP, IPv6, IPv4 etc...), so I was starting to implement that into if_ethersubr. I don't implement it directly on ipfw because a lot of people can confuse with the name (Internet Protocol Firewall) of ipfw. The second reason is that ethernet filtering needs to move ipfw code from ip_input ip_output to if_ethersubr isn't it ?. But If you can help me to merge ethfw on ipfw, I'm totally for that, it's a great idea. Regards, Sebastien. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
