Kurt Lidl, Deborah Lidl and Paul Borman worked to produce a paper for the USENIX sponsored BSDCon 2002 conference, held in San Francisco, in February, 2002. The paper referenced below, ``Flexible Packet Filtering: Providing a Rich Toolbox'' was presented at that conference. It describes the BSD/OS IPFW system in some detail, describing the implementation, and how it relates to the venerable BPF packet filtering facility.
As promised in the paper, there are some sample filters for the BSD/OS IPFW system located here, in the file filters.pax.gz.
They have what I think is a reasonable three-clause BSD style copyright protecting them.
Electronic copies of the paper are also available as a PDF file or as a Postscript file.
Paul Borman has provided an electronic copy of the slides used in the presentation at BSDCon 2002. These slides are available as a set of HTML pages. The presentation was created using the MagicPoint presentation tool.
As an extra special bonus, I've written some notes on some IPFW entensions and enhancements that I would find interesting to have. This was written after hacking up the NIMDA filter (included in the samples filter files above).
Around the time that the announcement of the end of BSD/OS development at WRS, Paul Borman posted two messages to the bsdi-users mailing list. These messages contained an internally maintained feature list of what the BSD/OS IPFW facilies supported, and an additional note that spelled out a few additional changes that the system had been modified to support.
Since these are probably the most up-to-date documentation that exists for the BSD/OS IPFW system, I have put copies here for your reference. I have taken the liberty of removing some extraneous mail delivery headers and deleted email addresses to avoid address collection by spammers.
Hopefully this reference material will be useful to someone.
This page has been accessed times since 22 February 2002.