From owner-freebsd-current@FreeBSD.ORG  Mon Apr 15 10:15:29 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 36DDE82B;
 Mon, 15 Apr 2013 10:15:29 +0000 (UTC)
 (envelope-from lars@e-new.0x20.net)
Received: from mail.0x20.net (mail.0x20.net [217.69.76.211])
 by mx1.freebsd.org (Postfix) with ESMTP id E8B83F2;
 Mon, 15 Apr 2013 10:15:28 +0000 (UTC)
Received: from e-new.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.0x20.net (Postfix) with ESMTPS id 036B86A6002;
 Mon, 15 Apr 2013 12:15:26 +0200 (CEST)
Received: from e-new.0x20.net (localhost [127.0.0.1])
 by e-new.0x20.net (8.14.5/8.14.5) with ESMTP id r3FAFQh7078878;
 Mon, 15 Apr 2013 12:15:26 +0200 (CEST)
 (envelope-from lars@e-new.0x20.net)
Received: (from lars@localhost)
 by e-new.0x20.net (8.14.5/8.14.5/Submit) id r3FAFQ0C077927;
 Mon, 15 Apr 2013 12:15:26 +0200 (CEST) (envelope-from lars)
Date: Mon, 15 Apr 2013 12:15:26 +0200
From: Lars Engels <lars.engels@0x20.net>
To: Joe Holden <lists@rewt.org.uk>
Subject: Re: ipfilter(4) needs maintainer
Message-ID: <20130415101526.GA65341@e-new.0x20.net>
References: <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org>
 <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org>
 <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org>
 <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com>
 <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com>
 <CADLo839TyKF2dnONpQ6fyUAVOHG1dYYXih5wS3jANVZBiR=VTA@mail.gmail.com>
 <alpine.BSF.2.00.1304140946440.10505@wonkity.com>
 <20130414160648.GD96431@in-addr.com>
 <36562.1365960622.5652758659450863616@ffe10.ukr.net>
 <516AFB99.2040007@rewt.org.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline
In-Reply-To: <516AFB99.2040007@rewt.org.uk>
X-Editor: VIM - Vi IMproved 7.3
X-Operation-System: FreeBSD 8.3-RELEASE-p5
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Gary Palmer <gpalmer@freebsd.org>, "net@freebsd.org" <net@freebsd.org>,
 "current@freebsd.org" <current@freebsd.org>, wishmaster <artemrts@ukr.net>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 10:15:29 -0000


--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 14, 2013 at 07:55:21PM +0100, Joe Holden wrote:
> wishmaster wrote:
>=20
> >  --- Original message ---
> > From: "Gary Palmer" <gpalmer@freebsd.org>
> > Date: 14 April 2013, 19:06:59
> >=20
> > =20
> >> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
> >>> Is it possible to move ipfilter into a port?
> >> That may work short term, but the ENOMAINTAINER problem will quickly c=
reep
> >> up again as kernel APIs change.  If the author has lost interest in
> >> maintaining the FreeBSD port of ipfilter then unless someone steps for=
ward
> >> to carry on the work, I don't see much of a future for ipfilter in
> >> FreeBSD
> >>
> >> Do we honestly need three packet filters?
> >  =20
> >     Yes! This is the most clever thought in this thread. Why we need
> >     3 firewalls? Two packet filters it's excess too.
> >      We have two packet filters: one with excellent syntax and
> >      functionality but with outdated bandwidth control mechanism
> >      (aka ALTQ); another - with nice traffic shaper/prioritization
> >      (dummynet)/classification (diffused) but with complicated
> >      implementation  in not trivial tasks.
> >     May be the next step will be discussion about one packet filter in =
the system?..
> >=20
> > Cheers,
> For non-nat ipfw is still superior in every way, numbered rules (think:=
=20
> scripts), dummynet, much faster than pf, syntax is a lot nicer and=20
> predictable...
>=20
> Does anyone even use ipf? it doesn't even work on Linux anymore, junk it=
=20
> and keep pf+ipfw, job done.

m0n0wall uses ipfilter:

http://m0n0.ch/wall/facts.php

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlFr0z4ACgkQKc512sD3afigkgCgklyPLcaWJH3qt5S0U8iXp6xR
j1EAn1zbodljf60/M7bXSjT2C1rFF0bz
=faym
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--