From owner-freebsd-security Sat Apr 6 14:47:25 2002
Date: Sat, 6 Apr 2002 14:47:17 -0800
From: Scott Lampert
To: "Crist J. Clark"
Cc: security@FreeBSD.ORG
Subject: Re: pf OR ipf ?
Message-Id: <20020406144717.5b973afd.scott@lampert.org>
In-Reply-To: <20020328121200.C97841@blossom.cjclark.org>
References: <20020328064640.GA74780@area51.dk> <20020328121200.C97841@blossom.cjclark.org>

On Thu, 28 Mar 2002 12:12:00 -0800 "Crist J. Clark" wrote:

> On Thu, Mar 28, 2002 at 01:20:40PM +0100, Attila Nagy wrote:
> > Hello,
> >
> > > pf currently runs only on OpenBSD. Jordan Hubbard has expressed
> > > annoyance with the fact that there are now three filters (ipfw, ipf and
> > > pf) so it seems unlikely that FreeBSD is going to port it.
> > I'm sad to hear that. I think diversity is a good thing. With FreeBSD if
> > you are paranoid you can set up your firewall rules in two packet filters,
> > which has a different codebase. So if one fails, it is unlikely that the
> > other will too.
> > I think it is good to have more than one packet filter in the kernel :)
> >
> > With PF some more features could be also ported, like the bridge support.
> > And that would be a good thing also.
>
> There is nothing special about PF that makes bridge support
> easier. After all, there is mature bridging support for IPFilter in
> OpenBSD. I also recently committed a hack for IPFilter bridging
> support in -CURRENT. I'll put the -STABLE patches on the website
> listed in the headers and .sig today if anyone wants 'em.

Please do! That's the one thing I've really been missing in FreeBSD. Any
chance of that ever making it into a RELEASE tree?

--
Scott Lampert
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -Benjamin Franklin, 1759
Public Key: http://www.lampert.org/lampert.key