On 4/27/09, Felipe Alfaro Solana <felipe.alf...@gmail.com> wrote:
> On Mon, Apr 27, 2009 at 8:11 PM, Ted Unangst <ted.unan...@gmail.com> wrote:
>
>> On Mon, Apr 27, 2009 at 10:25 AM, Felipe Alfaro Solana
>> <felipe.alf...@gmail.com> wrote:
>> > Again, not a single or valid technical argument on why a bridging firewall
>> > is a bad idea. Just a moot and offensive response, and a very
>> > strong assessment from someone that doesn't know me at all. It's also very
>> > sad to see so many impolite answers in this list. Perhaps saying "are
>> > apparently black magic" would be more appropriate.
>>
>> http://marc.info/?l=openbsd-misc&m=124082008204226&w=2
>>
>> You can either read the code or listen to somebody who has. I don't
>> know you either, but I know Henning and I know the bridge code, and
>> the short version is he's right.
>>
>
> And again, I think you mean that running a bridge under OpenBSD is perhaps
> not the fastest or brightest solution. And I trust you. But again, I have
> yet to hear a single technical argument on why running, for example, Snort
> inline on other platforms is a bad idea and makes one stupid.

You are free to read: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c