[Xorp-hackers] Re: xorp for wireless authentication/access

[Eddie Kohler]

> This would work for this application.  
> 
> But a XORP router *is* going to have to be able to do fairly general
> firewalling.  
> 
> Perhaps the solution here is to clone Juniper's firewall CLI, map this
> into an API to the FEA for the basic firewall functionality, and fix
> up everything in the FEA to map this to native calls.  This would give
> us basic functionality, but not the bells and whistles.  

Oy, I disagree with this approach, except for this:

> And then if you really need the bells and whistles, provide a bypass
> mechanism to access the platform's native interface directly, albeit
> non-portably.

I think the right thing to do now is to incrementally add well-designed
bits to the FEA as we need specific firewall functions. Then any potential
unifying plan would emerge naturally.

E