On Tue, Apr 28, 2009 at 1:29 AM, Fred Crowson <fred.crow...@googlemail.com> wrote:

> On 4/27/09, Felipe Alfaro Solana <felipe.alf...@gmail.com> wrote:
> > On Mon, Apr 27, 2009 at 8:11 PM, Ted Unangst <ted.unan...@gmail.com> wrote:
> >
> >> On Mon, Apr 27, 2009 at 10:25 AM, Felipe Alfaro Solana
> >> <felipe.alf...@gmail.com> wrote:
> >> > Again, not a single or valid technical argument on why a bridging firewall
> >> > is a bad idea. Just a moot and offensive response, and a very
> >> > strong assessment from someone that doesn't know me at all. It's also very
> >> > sad to see so many impolite answers in this list. Perhaps saying "are
> >> > apparently black magic" would be more appropriate.
> >>
> >> http://marc.info/?l=openbsd-misc&m=124082008204226&w=2
> >>
> >> You can either read the code or listen to somebody who has.  I don't
> >> know you either, but I know Henning and I know the bridge code, and
> >> the short version is he's right.
> >>
> >
> > And again, I think you mean that running a bridge under OpenBSD is perhaps
> > not the fastest or brightest solution. And I trust you. But again, I have
> > yet to hear a single technical argument on why running, for example, Snort
> > inline on other platforms is a bad idea and makes one stupid.
>
> You are free to read:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c


Is it something in the "on other platforms" sentence that you don't
understand? The link you provide is for OpenBSD code. And it's now clear to
me that bridging in OpenBSD consumes a lot of resources and developers
dislike it. So I don't get your point.



-- 
http://www.felipe-alfaro.org/blog/disclaimer/
