Date: Mon, 01 Apr 2019 09:31:06 +0200
From: "Kristof Provost" <kp@FreeBSD.org>
To: "Cy Schubert" <Cy.Schubert@cschubert.com>
Cc: "Ed Schouten" <ed@nuxi.nl>, src-committers <src-committers@freebsd.org>, svn-src-projects@freebsd.org
Subject: Re: svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl
Message-ID: <9E67836D-5E66-4E82-AB3F-F854AE008759@FreeBSD.org>
In-Reply-To: <201904010728.x317SWXD076162@slippy.cwsent.com>
References: <201904010728.x317SWXD076162@slippy.cwsent.com>

On 1 Apr 2019, at 9:28, Cy Schubert wrote:

> In message <EFC99E7D-CE93-4168-B0A3-CD36113A652F@FreeBSD.org>, Kristof
> Provost writes:
>>
>>> On 1 Apr 2019, at 08:39, Ed Schouten <ed@nuxi.nl> wrote:
>>>
>>> On Mon 1 Apr 2019 at 07:53, Kristof Provost <kp@freebsd.org> wrote:
>>>> Users are advised to migrate to ipf.
>>>
>>> Has anyone considered importing netfilter/iptables?
>>>
>> Nftables, surely?
>> We wouldn’t want to import their outdated firewall.
>
> Does it support RFC 1149 and RFC 2549? None of our firewalls do. Then
> again, neither does our stack. How difficult would it be to support
> this?
>

I’ve done some investigating, and the current research indicates that while it is possible to filter RFC 1149 and RFC 2549 it’s very hard to train the falcons, and it does make a bit of a mess when you drop packets.

Regards,
Kristof