On 19 Jun 1999, Dag-Erling Smorgrav wrote:
> "Brian F. Feldman" <gr...@unixhelp.org> writes:
> > On 19 Jun 1999, Dag-Erling Smorgrav wrote:
> > > Rewriting ipfw rules to ipfilter rules on the fly should be trivial; a
> > > simple Perl script should be sufficient.
> > Not quite as trivial as you think. ipfw and ipf are completely backwards
> > when it comes
> > to rule order: in ipfw, the first rule matched takes effect; in ipf, the
> > last rule matched
> > takes effect.
>
> Just throw in 'quick' and ipfilter behaves just like ipfw.
I figured that out. Come to think of it, I rather like "quick" much better
than ipf's default way.
>
> > Note
> > that Luigi's
> > extra ipfw functionality and my extra ipfw functionality _will_ be wanted
> > in ipf
> > before everyone is necessarily willing to switch.
>
> Divert sockets, dummynet and credential-based filtering would be
> sorely missed if they weren't ported to ipfilter.
Definitely. Working on ipfilter is probably better than reinventing the wheel
again.
>
> DES
> --
> Dag-Erling Smorgrav - d...@flood.ping.uio.no
>
Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___
gr...@freebsd.org _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \._ \ |) |
http://www.FreeBSD.org/ _ |___/___/___/
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
