enabling bridge_ipf

To: <tech-net%netbsd.org@localhost>
Subject: enabling bridge_ipf
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sat, 11 Jul 2020 10:30:07 +0200

Any reason this isn't enabled by default? Right now you need to recompile
your kernel with "options BRIDGE_IPF" if you want a firewall on the bridge.
This is annoying.

There is already a dynamic switch behind it anyway: you need to pass "ipf"
to brconfig in order for filtering to actually be enabled, so having the
extra "options BRIDGE_IPF" serves little purpose.

I want to enable BRIDGE_IPF by default, by removing the option and the
#ifdefs. That is, by making the code part of bridge(4) by default.

Note that BRIDGE_IPF is not related to IPF. It uses the pfil interface, so
it works with NPF.

Maxime

Follow-Ups:
- Re: enabling bridge_ipf
  - From: Greg Troxel

Prev by Date: Re: Proposal to remove driver for the Cabletron EA41x SCSI Ethernet adapter
Next by Date: Re: enabling bridge_ipf
Previous by Thread: Libreswan
Next by Thread: Re: enabling bridge_ipf
Indexes:

Home | Main Index | Thread Index | Old Index