[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipf

To: tech@openbsd.org
Subject: Re: ipf
From: Michael Samuel <michael@miknet.net>
Date: Wed, 30 May 2001 15:05:23 +1000
Content-Disposition: inline
References: <Pine.LNX.4.30.0105292146340.21047-100000@daffy.bkw.org> <200105300254.f4U2sjn07877@cvs.openbsd.org>
User-Agent: Mutt/1.3.17i

Would a userland API be totally out of the question?

It would be a major security advantage to have the packet filter
chroot()ing, then dropping root priveleges.  Not to mention the
flexability of being able to write a packet filter in any language you
choose...

On Tue, May 29, 2001 at 08:54:45PM -0600, Theo de Raadt wrote:
> > I totally understand why Theo is removing ipf from the src tree and I
> > totally agree with him on it.  But my concern is what are we going to
> > replace it with?  Theo, Any ideas on what is going to replace ipf?  And is
> > ipf going to go into 2.9 or not?
> 
> Some people are looking at ipfw as a starting point.  That leaves
> quite a few gaps at first, but we'll see what happens.  Others are
> looking at other ideas.  We'll see.

-- 
Michael Samuel <michael@miknet.net>

Follow-Ups:
- Re: ipf
  - From: Jeff Bachtel <sebastion@irelandmail.com>

References:
- ipf
  - From: Brian West <brian@bkw.org>
- Re: ipf
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>

Prev by Date: USB hang at boot on 2.9
Next by Date: Re: ipf
Prev by thread: Re: ipf
Next by thread: Re: ipf
Index(es):
- Date
- Thread