> >>Darren, what is pfild and how come the public-domain version doesn't >>come with it? > > > pfild is there because the pfil kernel module cannot access data in the > same manner as the open source code can. This is due to restrictions on > what APIs within IP you are allowed to officially use within Solaris > products. Open source software can just use whatever the hell it wants > in order to function :) > > Darren
Darren's being polite. Basically Solaris doesn't officially provide APIs required by packet filters. Fortunately, enough is known about Solaris internals that he's been able to figure out how to work around this problem. Sunscreen (Sun's old packet filter) and Checkpoint FW-1 have exactly the same problem. -Mike
