Subject: ip filtering
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Steven Reiz <sreiz@aie.nl>
List: current-users
Date: 03/29/1994 17:55:12
Hi All!

Has anyone done work on adding IP filtering (based on src/destination
IP address and TCP ports) to the NetBSD kernel?
More specifically, I'm looking at /usr/src/sys/netinet/ip_input.c;
it looks as if the following code:
        if (ipforwarding == 0) {
                ipstat.ips_cantforward++;
                m_freem(m);
        } else
                ip_forward(m, 0);

could very simply be `enhanced' with code which checks IP addresses and
such. I haven't really thought about how to modify the filtering table though
(something like the route/netstat duo, probably).

Any thoughts?

	-Steven

P.S. The motivation for all of this is, of course, that a NetBSD box
could replace a $$$$ cisco or whatever IP router.

------------------------------------------------------------------------------
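
The check proposed in the message above, as an added userspace sketch (not code from the original post or from NetBSD): a first-match rule table over source/destination address and TCP destination port, which also shows what has to happen for fragments and truncated packets. The names filt_rule, filt_check, sample_rules and sample_pkt are hypothetical, and the rule and packet are constructed; in the kernel the call would sit just before ip_forward(m, 0), after ip_input has already verified the header checksum.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { FILT_DROP = 0, FILT_PASS = 1 };
/* Hypothetical rule layout: host-order addresses, pre-masked; dport_hi 0 = any. */
struct filt_rule {
    uint32_t src, smask, dst, dmask;
    uint16_t dport_lo, dport_hi;
    int action;
};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* First matching rule wins; unmatched or malformed packets are dropped. */
int filt_check(const uint8_t *pkt, size_t len, const struct filt_rule *r, size_t n) {
    if (len < 20 || (pkt[0] >> 4) != 4) return FILT_DROP;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return FILT_DROP;
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    /* TCP ports exist only in the first fragment (fragment offset 0). */
    int frag = (((pkt[6] & 0x1f) << 8) | pkt[7]) != 0;
    int have_port = pkt[9] == 6 && !frag && len >= hlen + 4;
    uint16_t dport = have_port ? (uint16_t)(pkt[hlen + 2] << 8 | pkt[hlen + 3]) : 0;
    for (size_t i = 0; i < n; i++) {
        if ((src & r[i].smask) != r[i].src || (dst & r[i].dmask) != r[i].dst)
            continue;
        if (r[i].dport_hi != 0 &&
            (!have_port || dport < r[i].dport_lo || dport > r[i].dport_hi))
            continue; /* a port rule never matches a packet without ports */
        return r[i].action;
    }
    return FILT_DROP;
}

/* Constructed rule: pass 10.1.0.0/16 -> 192.0.2.10, TCP port 25 only. */
const struct filt_rule sample_rules[] = {
    { 0x0a010000, 0xffff0000, 0xc000020a, 0xffffffff, 25, 25, FILT_PASS },
};
/* Constructed packet: IPv4 header + TCP ports, 10.1.2.3 -> 192.0.2.10:25. */
uint8_t sample_pkt[24] = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
                           10, 1, 2, 3, 192, 0, 2, 10, 0x04, 0x00, 0, 25 };

int main(void) {
    puts(filt_check(sample_pkt, sizeof sample_pkt, sample_rules, 1) ? "forward" : "drop");
    return 0;
}
```

Because a port rule cannot be evaluated on a non-first fragment, such fragments fall through to the default drop here; a real filter has to decide that case explicitly rather than let them pass unchecked.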