From owner-freebsd-net@FreeBSD.ORG Mon Apr 15 10:26:42 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 926E0C23; Mon, 15 Apr 2013 10:26:42 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-we0-x234.google.com (mail-we0-x234.google.com [IPv6:2a00:1450:400c:c03::234]) by mx1.freebsd.org (Postfix) with ESMTP id D406B18F; Mon, 15 Apr 2013 10:26:41 +0000 (UTC) Received: by mail-we0-f180.google.com with SMTP id r5so3493357wey.11 for ; Mon, 15 Apr 2013 03:26:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=vXjvTQOwUK2MIjRVTZ9U7h2i+i0KDEYnsDYC/R0Z1AU=; b=e3TWytJ2sWkCROK1i0WXC2Zup8J7nRH9oB1ACv0BnrDNBvJkw/hH5r6a9L4el2mrR+ K/SI15iNUS0AjSays/q3dLZmPIG365mHNTP1rDRYQPQqTTYUolgrSs0nPLDBHpITfA2O l2ieqsQXf3lugFiYkjobfFp1XrteNFbhxZ3Z1fyMnI8RKYVI+y7oWonCLOciQudbrK4E DDpP5mN56TH7ulCDoZwb4xnnxMLDA/2x9FXAAM5ExcEelSjNLzLliN8S51pFogdOg0wC ukhQ1kESy/QEh9vbhpeid87MYoF34xyUQbG09usKJeX9L6JlS4aXdw/0V3mgUu5c4wJP CfAA== MIME-Version: 1.0 X-Received: by 10.180.38.105 with SMTP id f9mr10989707wik.15.1366021600468; Mon, 15 Apr 2013 03:26:40 -0700 (PDT) Received: by 10.216.139.72 with HTTP; Mon, 15 Apr 2013 03:26:40 -0700 (PDT) In-Reply-To: <951943801.20130415141536@serebryakov.spb.ru> References: <20130411201805.GD76816@FreeBSD.org> <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <201304150025.07337.Mark.Martinec+freebsd@ijs.si> <951943801.20130415141536@serebryakov.spb.ru> Date: Mon, 15 Apr 2013 13:26:40 +0300 Message-ID: Subject: Re: ipfilter(4) needs maintainer From: Kimmo Paasiala To: lev@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: Mark Martinec , freebsd-net@freebsd.org, current@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2013 10:26:42 -0000 On Mon, Apr 15, 2013 at 1:15 PM, Lev Serebryakov wrote: > Hello, Mark. > You wrote 15 =D0=B0=D0=BF=D1=80=D0=B5=D0=BB=D1=8F 2013 =D0=B3., 2:25:07: > >>> Yes! This is the most clever thought in this thread. Why we need 3 >>> firewalls? Two packet filters it's excess too. We have two packet filte= rs: >>> one with excellent syntax and functionality but with outdated bandwidth >>> control mechanism (aka ALTQ); another - with nice traffic >>> shaper/prioritization (dummynet)/classification (diffused) but with >>> complicated implementation in not trivial tasks. May be the next step >>> will be discussion about one packet filter in the system?.. > > MM> ... and as far as I can tell none of them is currently usable > MM> on an IPv6-only FreeBSD (like protecting a host with sshguard), > MM> none of them supports stateful NAT64, nor IPv6 prefix translation :( > IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will > render all that NAT nightmare to void. I hope, IPv6 prefix translation > will not be possible never ever! > > -- > // Black Lion AKA Lev Serebryakov > Things like ftp-proxy(8) will need address translation even with IPv6. Also certain scrub options require a NAT like functionalities. -Kimmo