From owner-freebsd-current@FreeBSD.ORG Sat Jul 26 18:43:43 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 07206A66 for ; Sat, 26 Jul 2014 18:43:43 +0000 (UTC) Received: from smtp-out-02.shaw.ca (smtp-out-02.shaw.ca [64.59.136.138]) by mx1.freebsd.org (Postfix) with ESMTP id C7DB62544 for ; Sat, 26 Jul 2014 18:43:42 +0000 (UTC) X-Cloudmark-SP-Filtered: true X-Cloudmark-SP-Result: v=1.1 cv=6dlcsJ/IGOduaTWa2Dbsml466mjAwLXxxnCzM8r9qRI= c=1 sm=1 a=cQ5pcHtl6RgA:10 a=QrugwKR0C_UA:10 a=wAGQQ9Az6v0A:10 a=BLceEmwcHowA:10 a=ICAaq7hcmGcA:10 a=kj9zAlcOel0A:10 a=IbtKDeXwb2+SRU442/pi3A==:17 a=s6FIl2w8AAAA:8 a=BWvPGDcYAAAA:8 a=6I5d2MoRAAAA:8 a=8maHDl6W-6XO_h7xEEEA:9 a=CjuIK1q_8ugA:10 a=cGv0LpZPy6cA:10 a=V7tsTZBp22UA:10 a=SV7veod9ZcQA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 Received: from unknown (HELO spqr.komquats.com) ([96.50.7.119]) by smtp-out-02.shaw.ca with ESMTP; 26 Jul 2014 12:43:41 -0600 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 17C589EC3; Sat, 26 Jul 2014 11:43:41 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.14.9/8.14.9) with ESMTP id s6QIheGk008600; Sat, 26 Jul 2014 11:43:40 -0700 (PDT) (envelope-from Cy.Schubert@komquats.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.14.9/8.14.8/Submit) with ESMTP id s6QIhcx4008597; Sat, 26 Jul 2014 11:43:39 -0700 (PDT) (envelope-from Cy.Schubert@komquats.com) Message-Id: <201407261843.s6QIhcx4008597@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.komquats.com/ To: Darren Reed Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? In-Reply-To: Message from Darren Reed of "Sat, 26 Jul 2014 21:49:56 +1000." <53D395E4.1070006@fastmail.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 26 Jul 2014 11:43:38 -0700 Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2014 18:43:43 -0000 In message <53D395E4.1070006@fastmail.net>, Darren Reed writes: > On 24/07/2014 1:42 AM, Cy Schubert wrote: > >>> > >>> But, lack of ipv6 fragment processing still causes ongoing pain. That'= > >>> s our=20 > >>> #1 wish list item for the cluster. > > Taking this discussion slightly sideways but touching on this thread a > > little, each of our packet filters will need nat66 support too. Pf doesn't > > support it for sure. I've been told that ipfw may and I suspect ipfilter > > doesn't as it was on Darren's todo list from 2009. > > ipfiler 5 handles fragments for ipv6. Switching gears and leaving the discussion of ipv6 fragments to mention nat66. A lot of people have been talking about nat66. I could be wrong but I don't think it can handle nat66. I need to do some testing to verify this. I remember reading on sourceforge that it was on your todo list. It doesn't look like it was checked off as being completed. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.