wishmaster wrote: > --- Original message --- > From: "Gary Palmer" <gpalmer_at_freebsd.org> > Date: 14 April 2013, 19:06:59 > > >> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote: >>> Is it possible to move ipfilter into a port? >> That may work short term, but the ENOMAINTAINER problem will quickly creep >> up again as kernel APIs change. If the author has lost interest in >> maintaining the FreeBSD port of ipfilter then unless someone steps forward >> to carry on the work, I don't see much of a future for ipfilter in >> FreeBSD >> >> Do we honestly need three packet filters? > > Yes! This is the most clever thought in this thread. Why we need 3 firewalls? Two packet filters it's excess too. > We have two packet filters: one with excellent syntax and functionality but with outdated bandwidth control mechanism (aka ALTQ); another - with nice traffic shaper/prioritization (dummynet)/classification (diffused) but with complicated implementation in not trivial tasks. > May be the next step will be discussion about one packet filter in the system?.. > > Cheers, For non-nat ipfw is still superior in every way, numbered rules (think: scripts), dummynet, much faster than pf, syntax is a lot nicer and predictable... Does anyone even use ipf? it doesn't even work on Linux anymore, junk it and keep pf+ipfw, job done.Received on Sun Apr 14 2013 - 16:55:50 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC