From owner-freebsd-net@FreeBSD.ORG Sun Apr 14 17:53:43 2013 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id C05C0184; Sun, 14 Apr 2013 17:53:43 +0000 (UTC) (envelope-from artemrts@ukr.net) Received: from ffe10.ukr.net (ffe10.ukr.net [195.214.192.60]) by mx1.freebsd.org (Postfix) with ESMTP id 42A63AC0; Sun, 14 Apr 2013 17:53:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net; s=ffe; h=Date:Message-Id:From:To:References:In-Reply-To:Subject:Cc:Content-Type:Content-Transfer-Encoding:MIME-Version; bh=etrq1yVHCoBkAEn3prd7kSDf+mQ6qMXLk8XtLM480Dw=; b=MVwLCqEeGyhChkDjRopy0PLNHqvTZeT+3VCAfBpciS3RM3Xi6J5JVnFpHuvh4oqoT38z4xaKN2ux3R9KK4epj532o5fAJRjDu7HGNVqnX7sS31wVqTU589gEYGwZo+/MQ2aWQ+pEp71kJIMctnEd9VelhxyGQ9dzoTXvoCB34Ik=; Received: from mail by ffe10.ukr.net with local ID 1URQkw-000DrL-J1 ; Sun, 14 Apr 2013 20:30:22 +0300 MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain; charset="windows-1251" Subject: Re[2]: ipfilter(4) needs maintainer In-Reply-To: <20130414160648.GD96431@in-addr.com> References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com> <20130414160648.GD96431@in-addr.com> To: "Gary Palmer" From: "wishmaster" X-Mailer: freemail.ukr.net 4.0 Message-Id: <36562.1365960622.5652758659450863616@ffe10.ukr.net> Date: Sun, 14 Apr 2013 20:30:22 +0300 Cc: "current@freebsd.org" , "net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Apr 2013 17:53:43 -0000 --- Original message --- From: "Gary Palmer" Date: 14 April 2013, 19:06:59 > On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote: > > Is it possible to move ipfilter into a port? > > That may work short term, but the ENOMAINTAINER problem will quickly creep > up again as kernel APIs change. If the author has lost interest in > maintaining the FreeBSD port of ipfilter then unless someone steps forward > to carry on the work, I don't see much of a future for ipfilter in > FreeBSD > > Do we honestly need three packet filters? Yes! This is the most clever thought in this thread. Why we need 3 firewalls? Two packet filters it's excess too. We have two packet filters: one with excellent syntax and functionality but with outdated bandwidth control mechanism (aka ALTQ); another - with nice traffic shaper/prioritization (dummynet)/classification (diffused) but with complicated implementation in not trivial tasks. May be the next step will be discussion about one packet filter in the system?.. Cheers,