svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl
Kristof Provost
kp at FreeBSD.org
Mon Apr 1 07:31:09 UTC 2019
On 1 Apr 2019, at 9:28, Cy Schubert wrote:
> In message <EFC99E7D-CE93-4168-B0A3-CD36113A652F at FreeBSD.org>, Kristof
> Provost
> writes:
>>
>>
>>> On 1 Apr 2019, at 08:39, Ed Schouten <ed at nuxi.nl> wrote:
>>>
>>> Op ma 1 apr. 2019 om 07:53 schreef Kristof Provost <kp at freebsd.org>:
>>>> Users are advised to migrate to ipf.
>>>
>>> Has anyone considered importing netfilter/iptables?
>>>
>> Nftables, surely?
>> We wouldn’t want to import their outdated firewall.
>
> Does it support RFC 1149 and RFC 2549? None of our firewalls do. Then
> again, neither does our stack. How difficult would it be to support
> this?
>
I’ve done some investigating, and the current research indicates that
while it is possible to filter RFC 1149 and RFC 2549 it’s very hard
to train the falcons, and it does make a bit of a mess when you drop
packets.
Regards,
Kristof
More information about the svn-src-projects
mailing list