ipfilter(4) needs maintainer
Lars Engels
lars.engels at 0x20.net
Mon Apr 15 10:15:29 UTC 2013
On Sun, Apr 14, 2013 at 07:55:21PM +0100, Joe Holden wrote:
> wishmaster wrote:
>
> > --- Original message ---
> > From: "Gary Palmer" <gpalmer at freebsd.org>
> > Date: 14 April 2013, 19:06:59
> >
> >
> >> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
> >>> Is it possible to move ipfilter into a port?
> >> That may work short term, but the ENOMAINTAINER problem will quickly creep
> >> up again as kernel APIs change. If the author has lost interest in
> >> maintaining the FreeBSD port of ipfilter then unless someone steps forward
> >> to carry on the work, I don't see much of a future for ipfilter in
> >> FreeBSD
> >>
> >> Do we honestly need three packet filters?
> >
> > Yes! This is the most clever thought in this thread. Why we need
> > 3 firewalls? Two packet filters it's excess too.
> > We have two packet filters: one with excellent syntax and
> > functionality but with outdated bandwidth control mechanism
> > (aka ALTQ); another - with nice traffic shaper/prioritization
> > (dummynet)/classification (diffused) but with complicated
> > implementation in not trivial tasks.
> > May be the next step will be discussion about one packet filter in the system?..
> >
> > Cheers,
> For non-nat ipfw is still superior in every way, numbered rules (think:
> scripts), dummynet, much faster than pf, syntax is a lot nicer and
> predictable...
>
> Does anyone even use ipf? it doesn't even work on Linux anymore, junk it
> and keep pf+ipfw, job done.
m0n0wall uses ipfilter:
http://m0n0.ch/wall/facts.php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20130415/22b4c569/attachment.sig>
More information about the freebsd-net
mailing list