Date: Thu, 28 Mar 2002 14:52:24 -0600 (CST)
From: Mike Silbersack
To: Attila Nagy
Cc: Alex Holst
Subject: Re: pf OR ipf ?
Message-ID: <20020328144718.L24744-100000@patrocles.silby.com>
Sender: owner-freebsd-security@FreeBSD.ORG

On Thu, 28 Mar 2002, Attila Nagy wrote:

> Hello,
>
> > pf currently runs only on OpenBSD. Jordan Hubbard has expressed
> > annoyance with the fact that there are now three filters (ipfw, ipf and
> > pf) so it seems unlikely that FreeBSD is going to port it.
> I'm sad to hear that. I think diversity is a good thing. With FreeBSD if
> you are paranoid you can set up your firewall rules in two packet filters,
> which have a different codebase. So if one fails, it is unlikely that the
> other will too.
> I think it is good to have more than one packet filter in the kernel :)
>
> With PF some more features could be also ported, like the bridge support.
> And that would be a good thing also.
>
> --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]-------
> Attila Nagy e-mail: Attila.Nagy@fsn.hu
> Free Software Network (FSN.HU) phone @work: +361 210 1415 (194)

The primary reason that pf (and iptables, and Microsoft's win32 layer)
have not been ported to FreeBSD is lack of developer time. If you believe
that PF would be a good thing, go ahead and port it over. If the code was
unobtrusive, I'm sure it would make it into the tree.

Mike "Silby" Silbersack