On 10/25/05, Markus Friedl <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 24, 2005 at 02:38:43AM -0500, Travis H. wrote:
> > Has anyone thought of modeling packet filtering/translation/queueing
> > as a virtual machine?
>
> BSD/OS ipfw (http://www.pix.net/software/ipfw/)
That site has some good code and
On Mon, Oct 24, 2005 at 02:38:43AM -0500, Travis H. wrote:
> Has anyone thought of modeling packet filtering/translation/queueing
> as a virtual machine?
BSD/OS ipfw (http://www.pix.net/software/ipfw/)
did use BPF bytecode for filterrules. basically
you compile you filter ruleset into BPF bytecode
> They would have to have been
> really serious about protecting their patent to threaten Sun; remember
> that almost all FW1 installations (checkpoints cash cow) were dependant
> on solaris boxes.
Perhaps. OTOH, if you don't protect IP, you lose it. That is why so
many warnings about infringeme
> Has anyone thought of modeling packet filtering/translation/queueing
> as a virtual machine?
Checkpoint did it with their inspect scripting and I'm told have a
patent on using a VM in a firewall (no I've never read the patent, no
idea how specific/general it is).
Sun used a BPF-like virtual mac
Has anyone thought of modeling packet filtering/translation/queueing
as a virtual machine? I have been thinking about how to generalize
some of the current operations, and it seems to me that a virtual
machine with operations tuned for common packet judo would be a handy
unifying architecture. I'