On Sun, Apr 14, 2013 at 07:55:21PM +0100, Joe Holden wrote: > wishmaster wrote: > > > --- Original message --- > > From: "Gary Palmer" <gpalmer_at_freebsd.org> > > Date: 14 April 2013, 19:06:59 > > > > > >> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote: > >>> Is it possible to move ipfilter into a port? > >> That may work short term, but the ENOMAINTAINER problem will quickly creep > >> up again as kernel APIs change. If the author has lost interest in > >> maintaining the FreeBSD port of ipfilter then unless someone steps forward > >> to carry on the work, I don't see much of a future for ipfilter in > >> FreeBSD > >> > >> Do we honestly need three packet filters? > > > > Yes! This is the most clever thought in this thread. Why we need > > 3 firewalls? Two packet filters it's excess too. > > We have two packet filters: one with excellent syntax and > > functionality but with outdated bandwidth control mechanism > > (aka ALTQ); another - with nice traffic shaper/prioritization > > (dummynet)/classification (diffused) but with complicated > > implementation in not trivial tasks. > > May be the next step will be discussion about one packet filter in the system?.. > > > > Cheers, > For non-nat ipfw is still superior in every way, numbered rules (think: > scripts), dummynet, much faster than pf, syntax is a lot nicer and > predictable... > > Does anyone even use ipf? it doesn't even work on Linux anymore, junk it > and keep pf+ipfw, job done. m0n0wall uses ipfilter: http://m0n0.ch/wall/facts.php
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC