From: Mark Martinec
To: freebsd-net@freebsd.org, current@freebsd.org
Subject: Re: ipfilter(4) needs maintainer
Date: Mon, 15 Apr 2013 00:25:07 +0200

On Sunday April 14 2013 19:30:22 wishmaster wrote:
> > Do we honestly need three packet filters?
> Yes! This is the most clever thought in this thread. Why do we need 3
> firewalls? Two packet filters are excessive too. We have two packet filters:
> one with excellent syntax and functionality but with outdated bandwidth
> control mechanism (aka ALTQ); another - with nice traffic
> shaper/prioritization (dummynet)/classification (diffused) but with
> complicated implementation in non-trivial tasks. Maybe the next step
> will be discussion about one packet filter in the system?..

... and as far as I can tell none of them is currently usable
on an IPv6-only FreeBSD (like protecting a host with sshguard),
none of them supports stateful NAT64, nor IPv6 prefix translation :(

Mark