>If the code I'm reading, 1.1.88, is actually what is in use, then Linux
>should be LAST on your list of operating systems to use for a firewall,
>ipfw or no. It would be trivial for a "bad" IP packet to cause a Linux
>kernel numerous problems. All sorts of things are done in the wrong
>order (assuming BSD is more correct) and various sanity checks on incoming
>packets are not performed. This is just from reading their code in the
>last 5 mins, with NetBSD in another window on the right, and comparing
>the two, seeing what does and doesn't get done. That or the BSD code is
>more paranoid about what it does and trusts, which isn't an altogether
Could you be more specific about your comments above? Yes, I am interested
in using Linux as a firewall, but hadn't begun to look at the actual
firewall code. You're analysis could save me time.
Johnathan Corgan "Cypherpunks will make networks safe for privacy."
com -Eric Hughes