1ipfw2 on FreeBSD/5 (5.1 has pf) 2 3optimize port wildcard rules for each firewall type - e.g. using ipf 4FR_NONE, pf PF_OP_NONE, etc. 5 6ipchains sleazy exec 7 8audit addr_ntos() for non-zero'd host bits 9 10make *_loop() prevent modification within loop, or modify only 11post-iteration 12 13prefix everything with dnet_*, maybe new API with common dnet_t handle? 14 15more documentation and example code 16 17ip-cooked.c: use RTM_RESOLVE for ip_lookup_mac() (GetBestInterface()?) 18 19add a way to enable ip forwarding? 20 21finish IPv6 support everywhere (fw, route, ip6, win32, etc.) 22 23reimplement win32 fw (lost with laptop hd crash!@#$%) 24 25NAT, ipsec interface? 26 27maybe Checkpoint FW-1 support, via OPSEC (hrr) 28 29--------+------+-----+-----+----+----+------+-------+-----+ 30 | addr | arp | eth | fw | ip | intf | route | tun | 31--------+------+-----+-----+----+----+------+-------+-----+ 32openbsd | | | | | | | | | 33--------+------+-----+-----+----+----+------+-------+-----+ 34freebsd | | | | 1 | | | | ? | 35--------+------+-----+-----+----+----+------+-------+-----+ 36netbsd | | | | | | | | ? | 37--------+------+-----+-----+----+----+------+-------+-----+ 38linux | | | | | | | | | 39--------+------+-----+-----+----+----+------+-------+-----+ 40solaris | | | | 7 | | | | ? | 41--------+------+-----+-----+----+----+------+-------+-----+ 42macosx | | | | | | | | ? | 43--------+------+-----+-----+----+----+------+-------+-----+ 44irix | | | | 7 | | | | - | 45--------+------+-----+-----+----+----+------+-------+-----+ 46bsdi | | | | 7 | | | | - | 47--------+------+-----+-----+----+----+------+-------+-----+ 48tru64 | | | | 7 | | | | - | 49--------+------+-----+-----+----+----+------+-------+-----+ 50hp-ux | | | | 7 | | 3 | | - | 51--------+------+-----+-----+----+----+------+-------+-----+ 52win32 | | | | | | 3 | | - | 53--------+------+-----+-----+----+----+------+-------+-----+ 54unixware| | - | 2 | - | - | | 4 | - | 55--------+------+-----+-----+----+----+------+-------+-----+ 56aix | | 5 | - | - | - | | 6 | - | 57--------+------+-----+-----+----+----+------+-------+-----+ 58 59 = works, tested 1 = ipfw support, but no ipfw2 60? = untested 2 = eth_send doesn't work 61- = unimplemented 3 = intf_set doesn't work 62 4 = route_loop only works 63 5 = arp_show doesn't work 64 6 = route_loop doesn't work 65 7 = IP Filter should work, but untested 66 67arp-{bsd,ioctl} both b0rked on unixware 68 69eth_send() doesn't allow src mac spoofing on MacOS X (no 70BIOCSHDRCMPLT) without patch (http://slagheap.net/etherspoof/), 71also b0rked on BSD/OS, says markus. not possible on Tru64? 72 73no support for ICMP code in ipfw, therefore none in fw-ipfw.c 74 75need reliable, legit HP-UX, Unixware, and AIX accounts with root 76access to finish the ports to those platforms. i'd be happy to port to 77other platforms also, given similar (temporary) access. 78 79$Id: TODO 582 2005-02-14 21:56:59Z dugsong $ 80