Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: Mark P. Gooderum <mark@nirvana.good.com>
From: Brad Parker <brad@stemwinder.fcr.com>
List: current-users
Date: 12/14/1994 21:45:55

"Mark P. Gooderum" wrote:
...
>From a security point of view, it would be good to have kernel level
>packet filtering code.  Better would be if this code could log attempts
>to connect to ports that aren't there (for instance, you may not run X
>or NFS, but would like to know if someone was systematically probing
>your high number TCP (or UDP) ports).

I've added bpf filters to the input and output side of the ip forwarding
code and been using them for some months.  The performance is reasonable
for slow links (like up to 56k).  The optimizer in tcpdump is actually
pretty good.

If you are interested, I'll send you the diffs.  There is currently no
notification of dropped packets.

-brad