[ On Tuesday, November 6, 2001 at 12:17:17 (+1100), Darren Reed wrote: ]
> Subject: Re: ipnat problem
>
> since people hate ipfilter getting updated very often (either in -current
> or in releases) it doesn't happen very often and so users suffer.

This person doesn't hate regular updates of ipfilter.

Indeed this person longs for more regular updates of ipfilter,
especially in -current!

I don't like have to attempt it on my own, but I have done it lots of
times in the past, in both NetBSD and FreeBSD.

It would be ever so much nicer and easier to work with though if the
integration was done more properly, and more tightly[*], and WITHOUT a
damn reach-over build but instead with a nice little ipfilter2netbsd
script like we once had -- a script that could very easily be updated in
the official ipfilter sources both in preparation of an official
integration and as a tool to assist those of us doing our own local
upgrades....  The reach-over build is ever so much more difficult to
update on one's own, even with direct access to a copy of the NetBSD
official CVS repository from which diffs can be generated to assist....

[*] i.e. with each command-line tool in its own directory, not as a
sub-directory of src/usr.sbin/ipf, which is really quite a lame way to
do it regardless of whether it uses a reach-over build or not..

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>