avon barksdale <avon@flatlet.net> writes:

> Has anyone looked at/worked on a port of OpenBSD's packet filter?

Yes, in current netbsd is should be quite easy. Now that packets store
ip_len,ip_off in network order, there should be ever less patches. You will
have problems with that ICMP message defines that are diffrent.

pfil is a great thing, you don't need to modify the kernel at all, just add
a lkm.

I used a ported pf before ipf did IPv6.

Love