Date: Sat, 6 Apr 2002 14:47:17 -0800 From: Scott Lampert <scott@lampert.org> To: "Crist J. Clark" <cjc@FreeBSD.ORG> Cc: security@FreeBSD.ORG Subject: Re: pf OR ipf ? Message-ID: <20020406144717.5b973afd.scott@lampert.org> In-Reply-To: <20020328121200.C97841@blossom.cjclark.org> References: <20020328064640.GA74780@area51.dk> <Pine.LNX.4.44.0203281308070.2202-100000@scribble.fsn.hu> <20020328121200.C97841@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=.,J.PRY+Ujm3o,B Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Thu, 28 Mar 2002 12:12:00 -0800 "Crist J. Clark" <cjc@FreeBSD.ORG> wrote: > On Thu, Mar 28, 2002 at 01:20:40PM +0100, Attila Nagy wrote: > > Hello, > > > > > pf currently runs only on OpenBSD. Jordan Hubbard has expressed > > > annoyance with the fact that there are now three filters (ipfw, ipf and > > > pf) so it seems unlikely that FreeBSD is going to port it. > > I'm sad to hear that. I think diversity is a good thing. With FreeBSD if > > you are paranoid you can set up your firewall rules in two packet filters, > > which has a different codebase. So if one fails, it is unlikely that the > > other will too. > > I think it is good to have more than one packet filter in the kernel :) > > > > With PF some more features could be also ported, like the bridge support. > > And that would be a good thing also. > > There is nothing special about PF that makes bridge support > easier. Afterall, there is mature bridging support for IPFilter in > OpenBSD. I also recently committed a hack for IPFilter bridging > support in -CURRENT. I'll put the -STABLE patches on the website > listed in the headers and .sig today if anyone wants 'em. Please do! Thats the one thing I've really been missing in FreeBSD. Any chance of that ever making it into a RELEASE tree? -- Scott Lampert <scott@lampert.org> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, 1759 Public Key: http://www.lampert.org/lampert.key --=.,J.PRY+Ujm3o,B Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) iD8DBQE8r3r5SVL3/uWE7xYRAgqGAKCHl9nESnBNdiohEQQOgOsdc25DYACdFqvY 3S9Wv/WIr4mP//de/KJr6KQ= =7kXf -----END PGP SIGNATURE----- --=.,J.PRY+Ujm3o,B-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020406144717.5b973afd.scott>