Subject: Re: firewall ruleset modification notify
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Jachym Holecek <freza@psi.cz>
List: tech-kern
Date: 12/09/2002 22:59:06
Hello,

> > I was looking for a mechanism of notifying userland about a change of
> > firewalling rules, for needs of hardware assisted packet filtering (see
> > openrouter.net). As I didn't find anything in IPF man pages, and bearing in
> > mind IP filtering is (in theory) not the only one out there, I was thinking
> > about a similar interface to the one provided by the PF_ROUTE socket, e.g.
> > something like PF_FILTER delivering firewall table changes upon read().
> 
> Or perhaps a new type of kevent? 

Hmm, seems kqueue/kevent would probably work just fine. I'll have a closer
look at it. OTOH, the socket approach would be nicely consistent with route(4)
and would provide a rather straightforward way of not only notifying about a
change, but also telling what exactly the change was...

Regards
	-- Jachym Holecek