On Sat, 19 Jun 1999, Julian Elischer wrote: > As a contributor to ipfw, notice that I will be sticking my oar into the > water when it comes to deleting it unless I'm very sure that the ipf stuff > is better. Unless you're Danish you don't just get to delete bits of the > tree without a lot of agreement, especially from those who are working on > it.. (in this case luigi and I would both be extrememly interested).
Deleting IPFW would be a _long_ time from now, if at all. What it looks like now is: 1. making ipf and ipfw equivalent in functionality 2. cleaning up both 3. MAYBE starting a brand new firewall project I wasn't planning on trying to rip something out from under anyone :) > > > On Sat, 19 Jun 1999, Brian F. Feldman wrote: > > > On 19 Jun 1999, Dag-Erling Smorgrav wrote: > > > > > "Brian F. Feldman" <gr...@unixhelp.org> writes: > > > > It might be worth (discussion of) making ipfilter the firewall of > > > > choice for 4.0. There would of course be rule conversion > > > > scripts/programs (ipfw->ipf(5)), and ipfilter would be converted to > > > > a KLD, cruft removed (I'm going to work on these), and ipfilter KLD > > > > support (currently options IPFILTER_LKM) made a non-option. It seems > > > > that our pretty proprietary ipfw is no longer a good idea. > > > > > > If ipfilter can to everything ipfw can (judging from ipf(5), it can) > > > and you even manage to keep an ipfw(8) command around so those who > > > want kan keep using the old syntax still can, then I for one have no > > > objections. > > > > > > Rewriting ipfw rules to ipfilter rules on the fly should be trivial; a > > > simple Perl script should be sufficient. > > > > Not quite as trivial as you think. ipfw and ipf are completely backwards > > when it comes > > to rule order: in ipfw, the first rule matched takes effect; in ipf, the > > last rule matched > > takes effect. Plus, ipf doesn't have rule numbers (but there's similar > > functionailty.) > > If you think you can get used to them both enough to tackle this, I'll > > handle other > > things, and we can have a working replacement for crufty old ipfw. Note > > that Luigi's > > extra ipfw functionality and my extra ipfw functionality _will_ be wanted > > in ipf > > before everyone is necessarily willing to switch. I have a feeling there > > will be some > > holdouts that, even if ipfw is removed, they'll MFS (merge from stable) > > ipfw back just > > because they want to keep the old way. Ipfw could be dead for 4.0-RELEASE, > > as I see it > > now. More discussion is, however, necessary. > > > > > > > > DES > > > -- > > > Dag-Erling Smorgrav - d...@flood.ping.uio.no > > > > > > > Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___ > > gr...@freebsd.org _ __ ___ | _ ) __| \ > > FreeBSD: The Power to Serve! _ __ | _ \._ \ |) | > > http://www.FreeBSD.org/ _ |___/___/___/ > > > > > > > > To Unsubscribe: send mail to majord...@freebsd.org > > with "unsubscribe freebsd-hackers" in the body of the message > > > > > > To Unsubscribe: send mail to majord...@freebsd.org > with "unsubscribe freebsd-hackers" in the body of the message > Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___ gr...@freebsd.org _ __ ___ | _ ) __| \ FreeBSD: The Power to Serve! _ __ | _ \._ \ |) | http://www.FreeBSD.org/ _ |___/___/___/ To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
