[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Would a userland API be totally out of the question?
It would be a major security advantage to have the packet filter
chroot()ing, then dropping root priveleges. Not to mention the
flexability of being able to write a packet filter in any language you
On Tue, May 29, 2001 at 08:54:45PM -0600, Theo de Raadt wrote:
> > I totally understand why Theo is removing ipf from the src tree and I
> > totally agree with him on it. But my concern is what are we going to
> > replace it with? Theo, Any ideas on what is going to replace ipf? And is
> > ipf going to go into 2.9 or not?
> Some people are looking at ipfw as a starting point. That leaves
> quite a few gaps at first, but we'll see what happens. Others are
> looking at other ideas. We'll see.
Michael Samuel <firstname.lastname@example.org>
- Re: ipf
- From: Jeff Bachtel <email@example.com>
- From: Brian West <firstname.lastname@example.org>
- Re: ipf
- From: Theo de Raadt <email@example.com>