Subject: Re: simple ipfilter-question
To: Petar Bogdanovic <p.netbsd@2005.smokva.net>
From: Matthias Scheler <tron@zhadum.org.uk>
List: netbsd-users
Date: 01/02/2006 19:58:32
On Mon, Jan 02, 2006 at 04:50:02PM +0100, Petar Bogdanovic wrote:
> I assume, that there is a reason behind this.

Yes, IP Filter is a filter for the IP protocol. BPF is a low level
interface which receives packets before processing of the packet
(including IP) has even been started by the kernel. And that's
a useful feature because it allows you e.g. to use "tcpdump" to
have a look at all incoming packets before firewall rules are applied.

> ... and some user-land tool is able to jump into the chain

It's not "some user-land tool". It's an application using BPF which
requires root privileges.

> - one step before ipf ...

See above.

> ... and get everything which comes in.

IPF doesn't get everything, it only gets all IP traffic.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/
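The ordering described in the reply, as an added example that is not part of the original post or of NetBSD's code: a small Ethernet/IPv4 parser with two observation points, a link-layer tap (the BPF position, which receives every frame on the interface) and an IP-layer hook (the IP Filter position, which is handed only IP datagrams). The frames, MAC addresses and 192.0.2.x addresses are constructed sample data, and the two functions are an assumed model of the tap points, not kernel code.

```python
"""Model of the two packet observation points discussed in the thread:
a link-layer tap (where BPF/tcpdump sits) that sees every frame, and an
IP-layer hook (where IP Filter sits) that only ever receives IP datagrams.
Added example with constructed frames; not code from the post or NetBSD."""
import struct

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV6 = 0x86DD


def parse_ethernet(frame: bytes):
    """Return (dst_mac, src_mac, ethertype, payload) from an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def parse_ipv4(payload: bytes):
    """Return (protocol, src, dst) from an IPv4 header; rejects malformed input."""
    if len(payload) < 20:
        raise ValueError("IPv4 header truncated")
    ver_ihl = payload[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(payload) < ihl:
        raise ValueError("bad IHL")
    proto = payload[9]
    src = ".".join(str(b) for b in payload[12:16])
    dst = ".".join(str(b) for b in payload[16:20])
    return proto, src, dst


def bpf_tap(frames):
    """Link-layer tap: every frame, before the kernel has started IP processing.
    Returns the EtherType of each frame seen (assumed model of the BPF position)."""
    return [parse_ethernet(f)[2] for f in frames]


def ip_filter_input(frames):
    """IP-layer hook: only frames the kernel classifies as IP reach this point.
    ARP and other non-IP frames are never handed to it (assumed model of ipf)."""
    seen = []
    for f in frames:
        _, _, ethertype, payload = parse_ethernet(f)
        if ethertype == ETHERTYPE_IP:
            proto, src, dst = parse_ipv4(payload)
            seen.append(("ipv4", proto, src, dst))
        elif ethertype == ETHERTYPE_IPV6:
            seen.append(("ipv6",))
    return seen


def build_frame(ethertype: int, payload: bytes) -> bytes:
    """Constructed Ethernet II frame with placeholder MAC addresses."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


def build_ipv4(proto: int, src: str, dst: str) -> bytes:
    """Constructed minimal 20-byte IPv4 header, no options, checksum left zero."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0, src_b, dst_b)


# Constructed sample traffic: one ARP request, two IPv4 datagrams, one IPv6 header.
SAMPLE_FRAMES = [
    build_frame(ETHERTYPE_ARP, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),
    build_frame(ETHERTYPE_IP, build_ipv4(6, "192.0.2.10", "192.0.2.1")),   # TCP
    build_frame(ETHERTYPE_IP, build_ipv4(1, "192.0.2.20", "192.0.2.1")),   # ICMP
    build_frame(ETHERTYPE_IPV6, b"\x60" + b"\x00" * 39),
]

if __name__ == "__main__":
    print("BPF tap sees EtherTypes:", [hex(t) for t in bpf_tap(SAMPLE_FRAMES)])
    print("IP Filter hook sees:", ip_filter_input(SAMPLE_FRAMES))
```

Run stand-alone, the tap reports four frames while the IP-layer hook reports three: the ARP frame is visible to the link-layer tap but never reaches the IP hook, which is the difference the reply draws between "everything" and "all IP traffic".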