[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Sanity check: Mixing IPF + IPFw
From:       Avleen Vig <lists-ipf () silverwraith ! com>
Date:       2002-12-27 23:26:03
[Download RAW message or body]

On Sat, 28 Dec 2002, Manuel Kasper wrote:

> I've filed a pr about that now (kern/46564) (and confused the ordering again
> when I did ;). Hopefully somebody will take care to change this behaviour to
> something sensible in the distribution...

I'll try and comment on it in a few mins :-)

> I think I'll also contact the maintainer of the IPFilter FAQ; the FAQ says
> the processing order depends on the loading order of the modules; this
> doesn't seem to be correct.

Hmmm The FAQ is correct. Well, I tihnk so.
I don't know what happens if both IPF and IPFW are modules - I expect it's
the same as what I described.
If one if compiled into the kernel, and another is a module, then the
kernel will see the packet first, followed by the module.

But that is *still* the wrong way to do it, because all three leave you
with the same situation we have now - Either IPF or IPFW getting the
packet first both inbound and outbound.
[prev in list] [next in list] [prev in thread] [next in thread]