cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h
if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pf_norm.c pf_osfp.c
pf_table.c pfvar.h src/sys/contrib/pf/netinet in4_cksum.c
Steve Kargl
sgk at troutmask.apl.washington.edu
Thu Feb 26 09:58:03 PST 2004
On Thu, Feb 26, 2004 at 12:08:04AM -0600, Jeremy Messenger wrote:
> On Wed, 25 Feb 2004 22:01:26 -0800, Steve Kargl
> <sgk at troutmask.apl.washington.edu> wrote:
>
>>On Wed, Feb 25, 2004 at 06:34:13PM -0800, Max Laier wrote:
>>>mlaier 2004/02/25 18:34:12 PST
>>>
>>> FreeBSD src repository
>>>
>>> Modified files:
>>> sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c
>>> if_pfsync.h pf.c pf_ioctl.c pf_norm.c
>>> pf_osfp.c pf_table.c pfvar.h
>>> sys/contrib/pf/netinet in4_cksum.c
>>> Log:
>>> Bring diff from the security/pf port. This has code been tested as a port
>>> for a long time and is run in production use. This is the code present in
>>> portversion 2.03 with some additional tweaks.
>>
>>
>> Was this import discussed on arch@ or current@? We now have ipfw,
>> ipfilter, and pf in the base system. How many more firewall packages are
>> we going to import into the base system? Are you going to remove ipfw
>> or ipfilter? Is there a NO_PF make.conf knob?
>
> http://lists.freebsd.org/mailman/htdig/cvs-src/2004-February/018320.html
>
This does not look like a discussion concerning the merits/drawbacks
of pf over the other packet filters in the tree. The commit message
states the pf was in the Ports Collection. Why bring it into the base
system? Also, are there plans to retire the other filters or to at
least unify pf with the others?
--
Steve
More information about the cvs-all
mailing list