Date: Mon, 15 Apr 2013 12:15:26 +0200 From: Lars Engels <lars.engels@0x20.net> To: Joe Holden <lists@rewt.org.uk> Cc: Gary Palmer <gpalmer@freebsd.org>, "net@freebsd.org" <net@freebsd.org>, "current@freebsd.org" <current@freebsd.org>, wishmaster <artemrts@ukr.net> Subject: Re: ipfilter(4) needs maintainer Message-ID: <20130415101526.GA65341@e-new.0x20.net> In-Reply-To: <516AFB99.2040007@rewt.org.uk> References: <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com> <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com> <CADLo839TyKF2dnONpQ6fyUAVOHG1dYYXih5wS3jANVZBiR=VTA@mail.gmail.com> <alpine.BSF.2.00.1304140946440.10505@wonkity.com> <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <516AFB99.2040007@rewt.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--SUOF0GtieIMvvwua Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 14, 2013 at 07:55:21PM +0100, Joe Holden wrote: > wishmaster wrote: >=20 > > --- Original message --- > > From: "Gary Palmer" <gpalmer@freebsd.org> > > Date: 14 April 2013, 19:06:59 > >=20 > > =20 > >> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote: > >>> Is it possible to move ipfilter into a port? > >> That may work short term, but the ENOMAINTAINER problem will quickly c= reep > >> up again as kernel APIs change. If the author has lost interest in > >> maintaining the FreeBSD port of ipfilter then unless someone steps for= ward > >> to carry on the work, I don't see much of a future for ipfilter in > >> FreeBSD > >> > >> Do we honestly need three packet filters? > > =20 > > Yes! This is the most clever thought in this thread. Why we need > > 3 firewalls? Two packet filters it's excess too. > > We have two packet filters: one with excellent syntax and > > functionality but with outdated bandwidth control mechanism > > (aka ALTQ); another - with nice traffic shaper/prioritization > > (dummynet)/classification (diffused) but with complicated > > implementation in not trivial tasks. > > May be the next step will be discussion about one packet filter in = the system?.. > >=20 > > Cheers, > For non-nat ipfw is still superior in every way, numbered rules (think:= =20 > scripts), dummynet, much faster than pf, syntax is a lot nicer and=20 > predictable... >=20 > Does anyone even use ipf? it doesn't even work on Linux anymore, junk it= =20 > and keep pf+ipfw, job done. m0n0wall uses ipfilter: http://m0n0.ch/wall/facts.php --SUOF0GtieIMvvwua Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlFr0z4ACgkQKc512sD3afigkgCgklyPLcaWJH3qt5S0U8iXp6xR j1EAn1zbodljf60/M7bXSjT2C1rFF0bz =faym -----END PGP SIGNATURE----- --SUOF0GtieIMvvwua--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130415101526.GA65341>