From owner-freebsd-current@FreeBSD.ORG Sat Jul 26 11:49:57 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3F9E07BF for ; Sat, 26 Jul 2014 11:49:57 +0000 (UTC) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0BEF323F4 for ; Sat, 26 Jul 2014 11:49:56 +0000 (UTC) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by gateway1.nyi.internal (Postfix) with ESMTP id 4AFBC21BB6 for ; Sat, 26 Jul 2014 07:49:54 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute6.internal (MEProxy); Sat, 26 Jul 2014 07:49:54 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.net; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; s=mesmtp; bh=RJLKNiNwSxnEDe/ACcP00Qk5BS0=; b=K3kWnuWC8cIZt7OTlWlPPJS8q0Rd mD/opAAm3YI3D6vzufTl4rtop/bJmK072yX4F0lVR4xcbFokJ+to/8Ptf8moF9NH Ps9c7UjkS4gtdE+1fK+HX5zKqeG5wcFp7WsmLdylMySFo/dJdrB67WMmkEd2ummS JqH2sdEKfCi0fwM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=smtpout; bh=RJLKNiNwSxnEDe/ACcP00Q k5BS0=; b=T2YiD5fKR8dGb3b9w2my6dPE7wF1T6+nOv/F7iBThc1/O/gjEKtwus 07XR1UiC1F3PHqQ0Ze0NDF/aAz6lIo/Bg6nwP5gvsJfcOKU0zRmW5YHZ2QUYTTM0 pTCcgtVYAXsI80H7fpD6XGKpGeYkx+K4zZCR34hHb0H7GUvkE8Q2E= X-Sasl-enc: cLlg/mJQXz3MYIj8JRZkB7bRZkSzReDNeBrkCZ9pTbwi 1406375393 Received: from [192.168.1.31] (unknown [203.206.138.26]) by mail.messagingengine.com (Postfix) with ESMTPA id A0AD7C00003 for ; Sat, 26 Jul 2014 07:49:53 -0400 (EDT) Message-ID: <53D395E4.1070006@fastmail.net> Date: Sat, 26 Jul 2014 21:49:56 +1000 From: Darren Reed User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: freebsd-current@freebsd.org Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? References: <201407231542.s6NFgX4M025370@slippy.cwsent.com> In-Reply-To: <201407231542.s6NFgX4M025370@slippy.cwsent.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sat, 26 Jul 2014 12:22:27 +0000 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2014 11:49:57 -0000 On 24/07/2014 1:42 AM, Cy Schubert wrote: >>> >>> But, lack of ipv6 fragment processing still causes ongoing pain. That'= >>> s our=20 >>> #1 wish list item for the cluster. > Taking this discussion slightly sideways but touching on this thread a > little, each of our packet filters will need nat66 support too. Pf doesn't > support it for sure. I've been told that ipfw may and I suspect ipfilter > doesn't as it was on Darren's todo list from 2009. ipfiler 5 handles fragments for ipv6. Darren