[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPF and IPFW, after some night talk
I'm writing this post with respect to people who will think of a solution
for OpenBSD firewalling needs.
I've been working on IPFilter as user and developing patches\modules for
various tasks (mainly in the transparent proxying area of natting) and this
situation implies that people who contributed software to IPFilter source
tree can't modify their own code without Darren's consent.
All of which, basically sucks.
I also believe that this lack of clarity in the past, which gave people the
feeling that this kind of modifications activity was well accepted, isn't
giving much credit to contributors either.
Now Theo Deraadt says "look at goal #2". I say "look at goal #8":
"Do not let serious problems sit unsolved."
I believe many developers among you have thought that an OS like OpenBSD
-CANNOT- lack of a good firewall\packet filter. I've heard many people
talking about switching to IPFW. I don't want to generate any flame
regarding this point, however I must say that IPFW is nowhere near IPF
capabilities up to now, in terms of filtering and natting, expecially for
what regards ruleset syntax, while it has some key to additional packages
like DummyNet (traffic shaping).
If anyone is interested in coding a filtering\firewalling\natting code
opposed to IPFW for OpenBSD, please contact me privately, as I'm interested
in helping such development, expecially for what regards NAT and
transparent application proxies.
I have one more question. Some packages like PPP or bridging support by
Jason Wright contain filtering systems for packets. Are they to be
considered in any way related to IPFilter or will they continue to appear
into OpenBSD source tree?
For what regards my H.323 transparent proxy for IPFilter, I have to find
out what kind of licensing restrictions my code will have, before releasing
it. I encourage people who have received a beta version of it to avoid
distributing it until then.
Giacomo Cariello, firstname.lastname@example.org
Fingerprint: 7984 10FD 0460 4202 BF90 3881 CDE4 D78E 409C 9044
"Put that mic in my hand and let me kick out the jams!" - MC5