Subject: Re: Transparent Firewall w/ NetBSD
To: Sean-Paul Rees <sean@seanrees.com>
From: Jon Lindgren <jlindgren@espus.com>
List: netbsd-help
Date: 07/18/2000 06:42:37

On Mon, 17 Jul 2000, Sean-Paul Rees wrote:
> I am doing some work for a local usergroup, and we'd like to implement a
> firewall on our network. I really don't want to have to go through the
> trouble and resubnet the network and redo the routes for a firewall, I'd much
> rather create a transparent firewall between the router and the rest of the
> network.
>
> Something like:
>
> T1<------->Router<--->(ethernet 0)NetBSD Firewall(ethernet 1)<--->Network
>
> I want the NetBSD firewall to basically forward all packets along its interfaces
> and impose filters for "bad" packets.
>
> Is NetBSD/IP Filter up to the task? If so, can someone provide me some pointers?
> I come from a FreeBSD background, and have limited NetBSD experience.

What you'd want is a bridging firewall. AFAIK, as of 1.4.2 NetBSD cannot
bridge yet (someone _please_ correct me if I'm wrong on that). So while
IPFilter can do "bridge-style" filtering, NetBSD won't bridge, and you're
out of luck.

IIRC OpenBSD does this, but I'm speaking from pure hearsay and not from
first hand experience.

[here's hoping someone has implemented bridging in -current]

-Jon
--------------------------------------------------------------------
"Hey - this old machine screams like a snail on acid!" - (a true
comment by a fellow who recently installed NetBSD on an old server)