On Mon, Mar 01, 2004 at 11:21:55PM +0100, Julien Bordet wrote:
> Again, I agree. But that does not resolve the issue. Please consider the
> case I'm talking about (Bridge, ...). What we need is an OpenBSD
> solution. We do one of the best packet filters available, make bridging
> surprisingly easy, but the killer feature is missing.

This topic comes up again and again. I think it's clear by now that most pf developers have no personal need for this feature. I guess it's mostly commercial environments with paying customers who can't be inconvenienced with scp that would like to have it. But it seems it's not worth enough to pay a salary for writing it, even if it might save a couple of dollars on appliance/license costs.

If I'm wrong, and a lot of people with more skill and time than money would want it, surely someone would be writing it by now. Especially if it was "the missing killer feature".

The reasoning that this could be easily done in pf in the kernel is just wrong; it would be about the same amount of work doing it in userland (think bpf listener and raw socket sender) on a bridge, and that would be more secure and portable.

So, don't push the burden on others, start working on it today ;)

Daniel
