[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipf



Would a userland API be totally out of the question?

It would be a major security advantage to have the packet filter
chroot()ing, then dropping root priveleges.  Not to mention the
flexability of being able to write a packet filter in any language you
choose...

On Tue, May 29, 2001 at 08:54:45PM -0600, Theo de Raadt wrote:
> > I totally understand why Theo is removing ipf from the src tree and I
> > totally agree with him on it.  But my concern is what are we going to
> > replace it with?  Theo, Any ideas on what is going to replace ipf?  And is
> > ipf going to go into 2.9 or not?
> 
> Some people are looking at ipfw as a starting point.  That leaves
> quite a few gaps at first, but we'll see what happens.  Others are
> looking at other ideas.  We'll see.

-- 
Michael Samuel <michael@miknet.net>