Subject: Re: BSDi features (was: PAM & Re: BSD Authentication)
To: Steven M. Bellovin <smb@research.att.com>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 09/08/2003 18:41:24
In message <20030908233518.B59F07B43@berkshire.research.att.com>, "Steven M. Bellovin" writes:
>>(For the curious: ipfw, which is not in any way related to the FreeBSD
>>gizmo of the same name, and the boot.default/boot.define stuff allowing
>>all sorts of magical kernel tweaking to be stored in nice editable text
>>files.)
>Let me second that. BSDi's IP filtering gives you much finer control
>over what is passed, with (to me) more intuitive semantics. And the
>boot.default stuff was extremely useful to me when dealing with some of
>the quirks of IBM Thinkpad booting.
Unfortunately, I don't believe either will ever be given away as free source.

That said, I think both are implementable without TOO much work. ipfw does
a fair bit of magic, but I think under the hood it consists mostly of a
compiler-to-BPF and a better selection of places for BPF filters to be
inserted.

The boot.default stuff, well, it's a fair bit of work, but MAN is it useful.
For those who have never seen it:

* The boot loader loads a file called /etc/boot.default
* It can also take commands entered by hand
* Commands may pass parameters to the rest of the boot loader or
  the kernel

That's it, but consider the following /etc/boot.default lines:

    # suppress ultra2 probe on target 2 on aic0, because we happen
    # to know that the disk's firmware is dodgy
    -parm aic0 ultra2=all-t2
    # only probe up to 1GB of memory on dodgy old pentium board
    -extendend 1G
    # load ramdisk
    -ramdisksize 2048k
    -ramdiskfile filesys.gz
    # load kernel from one disk, put root on another
    -kernel sd(0,0):/netbsd.old
    -rootdev wd(0,0)
    # force disable of ehci driver on this machine
    -dev ehci* port=-1

You get the idea. All *sorts* of cool stuff, and a standard interface
for drivers to announce their parameters.
-s