From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:35999) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QBRDA-0004vk-VY for qemu-devel@nongnu.org; Sun, 17 Apr 2011 08:36:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QBRD9-0000IC-UK for qemu-devel@nongnu.org; Sun, 17 Apr 2011 08:36:20 -0400 Received: from mx1.redhat.com ([209.132.183.28]:60337) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QBRD9-0000Hn-JP for qemu-devel@nongnu.org; Sun, 17 Apr 2011 08:36:19 -0400 Message-ID: <4DAADEBA.5070700@redhat.com> Date: Sun, 17 Apr 2011 15:36:10 +0300 From: Avi Kivity MIME-Version: 1.0 References: <4DA47FEB.5070402@siemens.com> <4DA6FB44.3020208@redhat.com> <4DA6FFE9.6010100@redhat.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Daisuke Nojiri Cc: Jan Kiszka , qemu-devel@nongnu.org On 04/14/2011 11:04 PM, Daisuke Nojiri wrote: > Hi, Avi, > > Complex and complete firewalling is probably out of my focus for now. > I'm trying to introduce a simple reverse firewall functionality which > filters outgoing patckets based on only destination address and port. > Since Qemu doesn't have any reverse firewall currently, I believe this > is a good addition and start. > IMO this is the wrong direction. Integrating libpcap should be simple (a call to pcap_offline_filter()) and immediately satisfy all current and future firewalling needs. -- error compiling committee.c: too many arguments to function