site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Howdy-ho Chris Best regards, Stauff__ On Aug 30, 2007, at 8:23 PM, Christopher D. Lewis wrote: On Aug 27, 2007, at 2:25 AM, Platon Fomichev wrote: _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... I will try looking at prospectives to port PF as NKE as I've recently developed a bunch of them. If anyone wishes to join me in my efforts on PF port let's unite our forces, although I highly doubt possibility to develop it out of kernel as NKE... (f.ex. is there any possibility to create /dev/pf from NKE as a start?) Btw not everything is easy as it seems... For example one of my tasks while developing an NKE (at socket level) was to delay connect() call until user land processes signals that it's ok - rather trivial task as I think - but nope connect() can't be blocked as it is in data path - I can't swallow connect() call and it seems that there is no way I can solve this on Socket NKE level... So if anyone have some advice about connect() call or is also anxious to devote some time for PF let's communicate. I will surely do this. Btw as a side note questions - are there any plans to include OpenBSD Packet Filter (quite a good piece of software imho) into Mac OS? I am thinking of doing some initial investigations on possibility of this project if no-one is already on this. Not too long after Mr. Hubbard came to Apple, he responded to a question like this (sent by me) by explaining that spending scarce man-hours developing pf was a waste of time because FreeBSD already had a firewall. I understood from his reply that he hadn't actually paid any attention to what I explained were the then- existing advantages of pf (incl. authpf, etc.). Integrated NAT didn't yet exist, so the admin advantages have increased. Questions about features that make administration easier have occasionally been replied-to on the list with retorts about how grandma doesn't want to administer her machine, she wants to use it, which of course flies in the face of Grandma's purpose, which is to have the machine do what she wants so readily that she spends her time using it rather than either administering it or regarding it as broken. Administering is simply the effort needed to prepare the machine to behave as you want as you use it, and it should be a goal to make this time as short and as painless as possible, not pretend every machine will magically take care of needs as configured from the mfg. This email sent to site_archiver@lists.apple.com