pf(4) status in 7.0-R
phoemix at harmless.hu
Sun Jun 3 18:56:58 UTC 2007
On Sun, Jun 03, 2007 at 08:52:03PM +0200, Max Laier wrote:
> On Sunday 03 June 2007, Gergely CZUCZY wrote:
> > On Sun, Jun 03, 2007 at 11:43:10PM +0800, LI Xin wrote:
> > > Max Laier wrote:
> > > [...]
> > >
> > > > How do people feel about removing ftp-proxy from the base
> > > > altogether? I think it's better off in ports anyway. Opinions?
> > I would vote for including pftpx (the newer version in OpenBSD) iirc.
> > Almost a year ago I've made an ftp service where the ftpd was jailed to
> > a local IP address, and i had to use ftp-proxy for this propose. This
> > reverse-proxying stuff couldn't be achived with the ftp-proxy in
> > base, so i had to use the later version, which has the name pftpx
> > in the ports tree. I'd vote for replacing ftp-proxy with pftpx.
> Okay, but why? Is there any reason you can't use pftpx (or the newer
> version of ftp-proxy) from the ports tree? Why does ftp-proxy have to be
> in base?
Because it's somehow part of pf. Very loosely, but part of it. This is the
way how pf(4) does the tracking of the data connections associated with
the control connections, so it's kind of part of it.
We could even use csup, ssh, or natd for ipfw from ports, but
it's also somehow part of the base system, for a bit similar
reason, I think so.
> /"\ Best regards, | mlaier at freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mlaier at EFnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
mailto: gergely.czuczy at harmless.hu
Weenies test. Geniuses solve problems that arise.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 1649 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20070603/a466c260/attachment.pgp
More information about the freebsd-current