Date: Sun, 14 Apr 2013 19:55:21 +0100
From: Joe Holden <lists@rewt.org.uk>
To: wishmaster <artemrts@ukr.net>
Cc: "current@freebsd.org" <current@freebsd.org>, "net@freebsd.org" <net@freebsd.org>
Subject: Re: ipfilter(4) needs maintainer
Message-ID: <516AFB99.2040007@rewt.org.uk>
In-Reply-To: <36562.1365960622.5652758659450863616@ffe10.ukr.net>
References: <20130411201805.GD76816@FreeBSD.org>
 <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org>
 <E2F803DD-1F3A-430E-957F-7AB1904CDF42@samsco.org>
 <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org>
 <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org>
 <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org>
 <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com>
 <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com>
 <CADLo839TyKF2dnONpQ6fyUAVOHG1dYYXih5wS3jANVZBiR=VTA@mail.gmail.com>
 <alpine.BSF.2.00.1304140946440.10505@wonkity.com>
 <20130414160648.GD96431@in-addr.com>
 <36562.1365960622.5652758659450863616@ffe10.ukr.net>
wishmaster wrote:
> --- Original message ---
> From: "Gary Palmer" <gpalmer@freebsd.org>
> Date: 14 April 2013, 19:06:59
>
>> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
>>> Is it possible to move ipfilter into a port?
>> That may work short term, but the ENOMAINTAINER problem will quickly creep
>> up again as kernel APIs change. If the author has lost interest in
>> maintaining the FreeBSD port of ipfilter then unless someone steps forward
>> to carry on the work, I don't see much of a future for ipfilter in
>> FreeBSD
>>
>> Do we honestly need three packet filters?
>
> Yes! This is the most clever thought in this thread. Why do we need 3 firewalls? Two packet filters is excessive too.
> We have two packet filters: one with excellent syntax and functionality but with an outdated bandwidth control mechanism (aka ALTQ); another with a nice traffic shaper/prioritization (dummynet)/classification (diffused) but with a complicated implementation for non-trivial tasks.
> Maybe the next step will be a discussion about one packet filter in the system?..
>
> Cheers,

For non-NAT, ipfw is still superior in every way: numbered rules (think: scripts), dummynet, much faster than pf, syntax is a lot nicer and predictable...

Does anyone even use ipf? It doesn't even work on Linux anymore. Junk it and keep pf+ipfw, job done.