* Matthew N. Dodd <[EMAIL PROTECTED]> [000124 18:11] wrote:
> Any reason that the IPFIREWALL and DUMMYNET code is present in
> sys/net/bridge.c? It appears that it makes a number of bad assumptions
> and in general violates the semantics of 'bridging' vs. 'routing'.
>
> Should we even encourage people to use this functionality? Do we really
> want bridge.c to have its own private IP stack?
>
> Should this code be diked out before 4.0 so we don't expose the masses to
> it?
I'm not sure what your proposing, if it's removing BRIDGE support from
the kernel, I'd have to object. BRIDGE enables me to run a transparent
firewall without worrying about routing issues, just drop a machine
with BRIDGE and IPFIREWALL in between two points and everything is ok.
However enable a DIVERT socket, and it all goes to hell last i checked.
Anyhow, can you clarify?
-Alfred
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
