In some email I received from j.grinter@ic.ac.uk, they wrote:
> 
> I have made necessary changes (two patches) to my copy of kernel source
> to use DEC's screend (as further modified for BSD/OS). If anyone
> is further interested, I'll pass the (easy) mods on.
> 
> We could include this #ifdef'd code in the kernel source, but I 
> am not sure about whether we can include the screend code itself
> (maybe in othersrc/?). It too needed a change, to cope with
> the slightly modified icmp_error function for 4.4.
> 
> It has pretty flexible filtering rules, and can log dropped packets
> or even passed packets.

Just what sort of different support do screend and the other firewall
type software for kernels require ?

In my latest work, I've written my packet screening software to work as
a loadable kernel module.  I've done this mainly for SunOS, but it
requires _minimal_ changes to the IP code to work.  This makes it easier
to support the various ioctl's, etc, that come with these packages also.
I'm not sure if what I've done would work with screend as screend passes
the packet header out to userland before it comes back again to go out.

darren