Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 15 Apr 2013 12:15:26 +0200
From:      Lars Engels <lars.engels@0x20.net>
To:        Joe Holden <lists@rewt.org.uk>
Cc:        Gary Palmer <gpalmer@freebsd.org>, "net@freebsd.org" <net@freebsd.org>, "current@freebsd.org" <current@freebsd.org>, wishmaster <artemrts@ukr.net>
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <20130415101526.GA65341@e-new.0x20.net>
In-Reply-To: <516AFB99.2040007@rewt.org.uk>
References:  <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com> <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com> <CADLo839TyKF2dnONpQ6fyUAVOHG1dYYXih5wS3jANVZBiR=VTA@mail.gmail.com> <alpine.BSF.2.00.1304140946440.10505@wonkity.com> <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <516AFB99.2040007@rewt.org.uk>

next in thread | previous in thread | raw e-mail | index | archive | help

--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 14, 2013 at 07:55:21PM +0100, Joe Holden wrote:
> wishmaster wrote:
>=20
> >  --- Original message ---
> > From: "Gary Palmer" <gpalmer@freebsd.org>
> > Date: 14 April 2013, 19:06:59
> >=20
> > =20
> >> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
> >>> Is it possible to move ipfilter into a port?
> >> That may work short term, but the ENOMAINTAINER problem will quickly c=
reep
> >> up again as kernel APIs change.  If the author has lost interest in
> >> maintaining the FreeBSD port of ipfilter then unless someone steps for=
ward
> >> to carry on the work, I don't see much of a future for ipfilter in
> >> FreeBSD
> >>
> >> Do we honestly need three packet filters?
> >  =20
> >     Yes! This is the most clever thought in this thread. Why we need
> >     3 firewalls? Two packet filters it's excess too.
> >      We have two packet filters: one with excellent syntax and
> >      functionality but with outdated bandwidth control mechanism
> >      (aka ALTQ); another - with nice traffic shaper/prioritization
> >      (dummynet)/classification (diffused) but with complicated
> >      implementation  in not trivial tasks.
> >     May be the next step will be discussion about one packet filter in =
the system?..
> >=20
> > Cheers,
> For non-nat ipfw is still superior in every way, numbered rules (think:=
=20
> scripts), dummynet, much faster than pf, syntax is a lot nicer and=20
> predictable...
>=20
> Does anyone even use ipf? it doesn't even work on Linux anymore, junk it=
=20
> and keep pf+ipfw, job done.

m0n0wall uses ipfilter:

http://m0n0.ch/wall/facts.php

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlFr0z4ACgkQKc512sD3afigkgCgklyPLcaWJH3qt5S0U8iXp6xR
j1EAn1zbodljf60/M7bXSjT2C1rFF0bz
=faym
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130415101526.GA65341>