ipfw ruleset optimization and highlevel rule definition language

by Tatsiana Elavaya for The FreeBSD Project

ipfw has very flexible internal structure due to representing rules as a series of opcodes. But complex ipfw rulesets tend to become a maze of goto's (skipto opcode) and hard to administrate. I propose to add support for highlevel domain specific language for specifying ipfw rules. As rules generated by such translator are going to contain excessive checks I propose to implement ruleset optimization. Optimizer doesn't depend on highlevel parser and would be useful on its own.