From owner-freebsd-security Thu Mar 28 4:20:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id C41D137B404 for ; Thu, 28 Mar 2002 04:20:33 -0800 (PST) Received: (qmail 3305 invoked by uid 1000); 28 Mar 2002 12:20:40 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 28 Mar 2002 12:20:40 -0000 Date: Thu, 28 Mar 2002 13:20:40 +0100 (CET) From: Attila Nagy To: Alex Holst Cc: security@freebsd.org Subject: Re: pf OR ipf ? In-Reply-To: <20020328064640.GA74780@area51.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, > pf currently runs only on OpenBSD. Jordan Hubbard has expressed > annoyance with the fact that there are now three filters (ipfw, ipf and > pf) so it seems unlikely that FreeBSD is going to port it. I'm sad to hear that. I think diversity is a good thing. With FreeBSD if you are paranoid you can set up your firewall rules in two packet filters, which has a different codebase. So if one fails, it is unlikely that the other will too. I think it is good to have more than one packet filter in the kernel :) With PF some more features could be also ported, like the bridge support. And that would be a good thing also. --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message