Re: pf(4) status in 7.0-R

From: Gergely CZUCZY <phoemix_at_harmless.hu>
Date: Sun, 3 Jun 2007 20:56:49 +0200
On Sun, Jun 03, 2007 at 08:52:03PM +0200, Max Laier wrote:
> On Sunday 03 June 2007, Gergely CZUCZY wrote:
> > On Sun, Jun 03, 2007 at 11:43:10PM +0800, LI Xin wrote:
> > > Max Laier wrote:
> > > [...]
> > >
> > > > How do people feel about removing ftp-proxy from the base
> > > > altogether?  I think it's better off in ports anyway.  Opinions?
> >
> > I would vote for including pftpx (the newer version in OpenBSD) iirc.
> > Almost a year ago I've made an ftp service where the ftpd was jailed to
> > a local IP address, and i had to use ftp-proxy for this propose. This
> > reverse-proxying stuff couldn't be achived with the ftp-proxy in
> > base, so i had to use the later version, which has the name pftpx
> > in the ports tree. I'd vote for replacing ftp-proxy with pftpx.
> 
> Okay, but why?  Is there any reason you can't use pftpx (or the newer 
> version of ftp-proxy) from the ports tree?  Why does ftp-proxy have to be 
> in base?
Because it's somehow part of pf. Very loosely, but part of it. This is the
way how pf(4) does the tracking of the data connections associated with
the control connections, so it's kind of part of it.

We could even use csup, ssh, or natd for ipfw from ports, but
it's also somehow part of the base system, for a bit similar
reason, I think so.

> 
> -- 
> /"\  Best regards,                      | mlaier_at_freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier_at_EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News



Bye,

Gergely Czuczy
mailto: gergely.czuczy_at_harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.

Received on Sun Jun 03 2007 - 16:56:58 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:11 UTC